PT-2023-7986 · Django+5

Jakob Ackermann · Published 2023-02-14 · Updated 2026-01-03 · CVE-2023-24580

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Django versions 3.2 before 3.2.18
Django versions 4.0 before 4.0.10
Django versions 4.1 before 4.1.7

Description
The issue is an uncontrolled resource consumption in the Django web application platform. Exploitation could allow a remote attacker to cause a denial of service. The vulnerability is in the multipart request parser: certain inputs, such as an excessive number of parts in a multipart form, can result in too many open files or memory exhaustion, providing a potential vector for a denial-of-service attack.

Recommendations
For Django versions 3.2 before 3.2.18, update to version 3.2.18 or later.
For Django versions 4.0 before 4.0.10, update to version 4.0.10 or later.
For Django versions 4.1 before 4.1.7, update to version 4.1.7 or later.
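The guard that closes this class of bug is a ceiling on the number of parts a multipart body may carry, enforced while the body is still being read rather than after every part has been given a file handle or buffer; the fixed Django releases do this internally through the DATA_UPLOAD_MAX_NUMBER_FILES setting (default 100). The following is an added illustration of such a streaming check, not Django's own code; the function names and the sample body are this example's constructions.

```python
import io


class TooManyParts(Exception):
    """Raised once a multipart body exceeds the configured part ceiling."""


def count_parts(stream, boundary: bytes, max_parts: int = 100,
                chunk_size: int = 64 * 1024) -> int:
    """Count the parts of a multipart body while streaming it.

    Only the delimiter line ("--" + boundary) is searched for, so the
    check needs constant memory and no per-part file handles. It aborts
    as soon as the count passes max_parts, before an oversized request
    is materialised part by part.
    """
    delimiter = b"--" + boundary
    carry = b""   # tail of the previous chunk, so a split delimiter is still seen
    seen = 0      # delimiters seen so far; the closing "--boundary--" adds one
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        data = carry + chunk
        seen += data.count(delimiter)
        # At most one delimiter is the closing one, so seen - 1 is a lower
        # bound on the number of parts already started.
        if seen - 1 > max_parts:
            raise TooManyParts(f"multipart body has more than {max_parts} parts")
        # carry is shorter than the delimiter, so nothing is counted twice
        carry = data[-(len(delimiter) - 1):]
    return max(seen - 1, 0)


def is_within_limit(body: bytes, boundary: bytes, max_parts: int = 100,
                    chunk_size: int = 64 * 1024) -> bool:
    """Convenience wrapper: True if the body passes the part ceiling."""
    try:
        count_parts(io.BytesIO(body), boundary, max_parts, chunk_size)
        return True
    except TooManyParts:
        return False


def build_body(boundary: bytes, n_files: int) -> bytes:
    """Constructed sample body with n_files small file parts (not real traffic)."""
    head = b"--" + boundary + b"\r\n"
    parts = [head + b'Content-Disposition: form-data; name="f"; filename="%d.txt"\r\n' % i
             + b"Content-Type: text/plain\r\n\r\nx\r\n" for i in range(n_files)]
    return b"".join(parts) + b"--" + boundary + b"--\r\n"
```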

Tags: Fix, DoS, Resource Exhaustion

Related Identifiers

ALT-PU-2023-1510
ALT-PU-2023-1553
BDU:2023-09100
BIT-DJANGO-2023-24580
CVE-2023-24580
DLA-3329-1
DSA-5465-1
GHSA-2HRW-HX67-34X6
MGASA-2023-0165
OESA-2023-1136
OPENSUSE-SU-2023:0062-1
OPENSUSE-SU-2023:0075-1
OPENSUSE-SU-2023:0077-1
OPENSUSE-SU-2023:0178-1
OPENSUSE-SU-2024:12690-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2023-13
RHSA-2023:2097
RHSA-2023:2101
RHSA-2023:4692
RLSA-2023:2097
SUSE-SU-2023:0704-1
SUSE-SU-2023:2080-1
USN-5868-1

Affected Products

Alt Linux
Astra Linux
Django
Linuxmint
Rocky Linux
Ubuntu