32.Lock Code Circular

It was discovered that Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1 incorrectly handled uploading multiple files using one form field (CVE-2023-31047). With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, this vulnerability has been rated as “Critical” by the National Vulnerability Database (NVD).

A remote attacker could possibly use this issue to bypass certain validations, potentially leading to the compromise of confidential information and loss of access to critical systems. 

An important update for Django that fixes this bug has been released. We strongly recommend that all impacted users apply the Django updates issued by their distro(s) as soon as possible to protect the confidentiality, integrity and availability of their systems.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).