PT-2023-7986 · Django+5

Jakob Ackermann · Published 2023-02-14 · Updated 2026-01-03 · CVE-2023-24580

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 3.2 before 3.2.18
Django versions 4.0 before 4.0.10
Django versions 4.1 before 4.1.7

Description

The issue is uncontrolled resource consumption in the Django web application platform. Exploitation of this issue could allow a remote attacker to cause a denial of service. The vulnerability is in the Multipart Request Parser: certain inputs, such as an excessive number of parts in a multipart form, could result in too many open files or memory exhaustion, providing a potential vector for a denial-of-service attack.

Recommendations

For Django versions 3.2 before 3.2.18, update to version 3.2.18 or later.
For Django versions 4.0 before 4.0.10, update to version 4.0.10 or later.
For Django versions 4.1 before 4.1.7, update to version 4.1.7 or later.
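
The description attributes the resource exhaustion to an excessive number of parts in a multipart form. The following is an added example, not part of the advisory and not Django's own code or its fix: a defense-in-depth guard that counts part delimiters in a raw request body before any multipart parser runs. The function names, the MAX_PARTS value and the sample body are assumptions made for this example.

```python
from email.message import Message

MAX_PARTS = 100  # assumed policy limit for this example, not a Django default


def multipart_boundary(content_type):
    """Return the multipart boundary as bytes, or None if the type is not multipart."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_maintype() != "multipart":
        return None
    boundary = msg.get_param("boundary")
    if not isinstance(boundary, str) or not boundary:
        return None  # missing, or RFC 2231-encoded: treat as unusable
    return boundary.encode("ascii", "replace")


def count_parts(content_type, body):
    """Count part delimiters without parsing, buffering or opening any part."""
    boundary = multipart_boundary(content_type)
    if boundary is None:
        return 0
    delimiter = b"--" + boundary
    closing = delimiter + b"--"
    parts = 0
    # The body is held in memory here for brevity; a real guard would scan
    # the stream in chunks and stop as soon as the limit is crossed.
    for line in body.split(b"\r\n"):
        line = line.rstrip(b" \t")
        if line == closing:
            break  # closing delimiter: nothing after it is a part
        if line == delimiter:
            parts += 1
    return parts


def should_reject(content_type, body, limit=MAX_PARTS):
    """True when the request carries more parts than the policy allows."""
    return count_parts(content_type, body) > limit


def build_body(boundary, n):
    """Constructed sample input: n one-byte form fields in a multipart body."""
    field = b'--%s\r\nContent-Disposition: form-data; name="f%d"\r\n\r\nx\r\n'
    parts = b"".join(field % (boundary, i) for i in range(n))
    return parts + b"--" + boundary + b"--\r\n"
```

A guard like this belongs in front of the application (middleware or reverse proxy) and complements the update to a fixed Django release; it does not replace it.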

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

ALT-PU-2023-1510
ALT-PU-2023-1553
BDU:2023-09100
BIT-DJANGO-2023-24580
CVE-2023-24580
DLA-3329-1
DSA-5465-1
GHSA-2HRW-HX67-34X6
MGASA-2023-0165
OESA-2023-1136
OPENSUSE-SU-2023:0062-1
OPENSUSE-SU-2023:0075-1
OPENSUSE-SU-2023:0077-1
OPENSUSE-SU-2023:0178-1
OPENSUSE-SU-2024:12690-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2023-13
RHSA-2023:2097
RHSA-2023:2101
RHSA-2023:4692
RLSA-2023:2097
SUSE-SU-2023:0704-1
SUSE-SU-2023:2080-1
USN-5868-1

Affected products

Alt Linux
Astra Linux
Django
Linuxmint
Rocky Linux
Ubuntu