PT-2022-1457 · Django+6

Alan Ryan · Published 2022-02-01 · Updated 2026-01-03 · CVE-2022-23833

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Django versions 2.2 before 2.2.27
Django versions 3.2 before 3.2.12
Django versions 4.0 before 4.0.2

Description

An issue was discovered in MultiPartParser. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. This could allow a remote attacker to perform a denial of service.

Recommendations

For Django versions 2.2 before 2.2.27, update to version 2.2.27 or later.
For Django versions 3.2 before 3.2.12, update to version 3.2.12 or later.
For Django versions 4.0 before 4.0.2, update to version 4.0.2 or later.

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1344
ALT-PU-2022-1372
BDU:2022-00585
BIT-DJANGO-2022-23833
CVE-2022-23833
DLA-2906-1
DLA-3191-1
DSA-5254-1
GHSA-6CW3-G6WV-C2XV
MGASA-2022-0104
OESA-2022-1530
OESA-2022-2055
OPENSUSE-SU-2023:0005-1
OPENSUSE-SU-2024:11804-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2022-20
RHSA-2022:5498
RHSA-2022:8853
RHSA-2022:8872
RLSA-2022:5498
SUSE-SU-2022:0285-1
SUSE-SU-2022:0286-1
USN-5269-1
USN-5269-2

Affected Products

Alt Linux
Astra Linux
Django
Linuxmint
Red Os
Rocky Linux
Ubuntu