CVE-2022-23833

Published: Feb 3, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.0/releases/security/

https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

FEDORA-2022-e7fd530688

vendor-advisory

https://security.netapp.com/advisory/ntap-20220221-0003/

DSA-5254

vendor-advisory

https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a

https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468

https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23833

Description

Affected Products

References