Mageia: 2023-0165 Moderate: Python-Django Memory Exhaustion DoS

Mageia, May 16, 2023
Mageia has released updates for the python-django packages addressing two security vulnerabilities: a denial-of-service vector in multipart form handling and a validation bypass when uploading multiple files through one form field.

Summary

CVE-2023-24580: Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

CVE-2023-31047: Bypass of validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
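The two defensive behaviours behind these fixes can be seen in a small stand-alone model. The following is an added example, not Mageia's or Django's own code: a simplified multipart/form-data parser that stops as soon as the number of uploaded files exceeds a cap (Django 3.2.18 does this in its stream-based parser through the new DATA_UPLOAD_MAX_NUMBER_FILES setting, default 100, raising TooManyFilesSent), alongside a "last file only" cleaner that reproduces the forms.FileField behaviour the advisory describes and a per-file cleaner that validates every upload. The parser, the MAX_FILE_SIZE limit, the exception classes and the request bodies are constructed for illustration and are not Django's implementation.

```python
"""Added example (not Mageia's or Django's code): multipart file-count cap and
per-file validation, modelling CVE-2023-24580 and CVE-2023-31047 mitigations."""
import re
from dataclasses import dataclass
from typing import List, Optional

MAX_NUMBER_FILES = 100   # same default as Django's DATA_UPLOAD_MAX_NUMBER_FILES
MAX_FILE_SIZE = 1024     # hypothetical per-file limit used by validate_file()


class TooManyFilesSent(Exception):
    """Raised when a request carries more files than the configured cap."""


class ValidationError(Exception):
    """Raised by validate_file() for a file that fails the checks."""


@dataclass
class UploadedFile:
    field_name: str
    filename: str
    content: bytes


# Content-Disposition of one form part; group 2 is None for plain (non-file) fields.
_DISPOSITION = re.compile(rb'form-data;\s*name="([^"]*)"(?:;\s*filename="([^"]*)")?')


def parse_multipart(body: bytes, boundary: bytes, max_files: int = MAX_NUMBER_FILES):
    """Return (fields, files); raise TooManyFilesSent as soon as the cap is exceeded.

    The check runs per part while parsing, so the server never holds an unbounded
    number of parts before noticing the limit (the fix for CVE-2023-24580).
    """
    fields = {}
    files: List[UploadedFile] = []
    # chunks[0] is the preamble before the first delimiter; the closing
    # delimiter "--boundary--" leaves a final chunk that starts with "--".
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):
            break
        header_blob, _, content = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        if content.endswith(b"\r\n"):
            content = content[:-2]  # CRLF that precedes the next delimiter
        match = _DISPOSITION.search(header_blob)
        if match is None:
            continue  # part without a usable Content-Disposition: ignore it
        name = match.group(1).decode()
        if match.group(2) is None:
            fields.setdefault(name, []).append(content.decode())
        else:
            files.append(UploadedFile(name, match.group(2).decode(), content))
            if len(files) > max_files:
                raise TooManyFilesSent(f"more than {max_files} files in request")
    return fields, files


def build_body(boundary: str, parts) -> bytes:
    """Build a constructed multipart body from (name, filename_or_None, content) tuples."""
    out = bytearray()
    for name, filename, content in parts:
        disposition = f'Content-Disposition: form-data; name="{name}"'
        if filename is not None:
            disposition += f'; filename="{filename}"'
        out += f"--{boundary}\r\n{disposition}\r\n\r\n".encode() + content + b"\r\n"
    out += f"--{boundary}--\r\n".encode()
    return bytes(out)


def validate_file(upload: UploadedFile) -> UploadedFile:
    """Per-file checks; a real field would also check content type, extension, etc."""
    if not upload.filename:
        raise ValidationError("empty filename")
    if len(upload.content) > MAX_FILE_SIZE:
        raise ValidationError(f"{upload.filename}: larger than {MAX_FILE_SIZE} bytes")
    return upload


def clean_last_only(files: List[UploadedFile]) -> Optional[UploadedFile]:
    """What forms.FileField did with a list of uploads: only the last one is validated."""
    return validate_file(files[-1]) if files else None


def clean_every_file(files: List[UploadedFile]) -> List[UploadedFile]:
    """What a multi-file field must do: validate each file and reject on any failure."""
    return [validate_file(f) for f in files]


def accepts_request(file_count: int, max_files: int = MAX_NUMBER_FILES) -> bool:
    """Constructed request with file_count one-byte uploads; False if the cap rejects it."""
    parts = [("docs", f"f{i}.txt", b"x") for i in range(file_count)]
    try:
        parse_multipart(build_body("cap", parts), b"cap", max_files=max_files)
    except TooManyFilesSent:
        return False
    return True


if __name__ == "__main__":
    # Constructed request: an oversized file placed before a valid one.
    body = build_body("demo", [
        ("title", None, b"quarterly report"),
        ("docs", "big.bin", b"A" * (MAX_FILE_SIZE + 1)),
        ("docs", "ok.txt", b"fine"),
    ])
    fields, files = parse_multipart(body, b"demo")
    print("last-only validation accepted:", clean_last_only(files).filename)
    try:
        clean_every_file(files)
    except ValidationError as exc:
        print("per-file validation rejected:", exc)
    print("101 files against a cap of 100 accepted:", accepts_request(101))
```

Running the module shows the first file slipping past `clean_last_only` while `clean_every_file` rejects it, and a 101-file request being refused by the cap. In a real Django deployment the equivalent controls are DATA_UPLOAD_MAX_NUMBER_FILES (after upgrading to 3.2.18 or later) and a form field whose clean() iterates over every uploaded file rather than relying on forms.FileField alone.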

References

- https://bugs.mageia.org/show_bug.cgi?id=31548

- https://www.djangoproject.com/weblog/2023/feb/14/security-releases/

- https://ubuntu.com/security/notices/USN-5868-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/

- https://www.djangoproject.com/weblog/2023/may/03/security-releases/

- https://ubuntu.com/security/notices/USN-6054-1

- https://www.cve.org/CVERecord?id=CVE-2023-24580

- https://www.cve.org/CVERecord?id=CVE-2023-31047

Resolution

SRPMS

- 8/core/python-django-3.2.18-1.mga8

Publication date: 16 May 2023
URL: https://advisories.mageia.org/MGASA-2023-0165.html
Type: security
CVE: CVE-2023-24580, CVE-2023-31047
