pysec-2022-20
Vulnerability from pysec
Published
2022-02-03 02:15
Modified
2022-02-03 06:35
Details
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "django", "purl": "pkg:pypi/django" }, "ranges": [ { "events": [ { "introduced": "2.2" }, { "fixed": "2.2.27" }, { "introduced": "3.2" }, { "fixed": "3.2.12" }, { "introduced": "4.0" }, { "fixed": "4.0.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.2", "2.2.1", "2.2.10", "2.2.11", "2.2.12", "2.2.13", "2.2.14", "2.2.15", "2.2.16", "2.2.17", "2.2.18", "2.2.19", "2.2.2", "2.2.20", "2.2.21", "2.2.22", "2.2.23", "2.2.24", "2.2.25", "2.2.26", "2.2.3", "2.2.4", "2.2.5", "2.2.6", "2.2.7", "2.2.8", "2.2.9", "3.2", "3.2.1", "3.2.10", "3.2.11", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "4.0", "4.0.1" ] } ], "aliases": [ "CVE-2022-23833", "GHSA-6cw3-g6wv-c2xv" ], "details": "An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.", "id": "PYSEC-2022-20", "modified": "2022-02-03T06:35:23.159453Z", "published": "2022-02-03T02:15:00Z", "references": [ { "type": "WEB", "url": "https://docs.djangoproject.com/en/4.0/releases/security/" }, { "type": "ARTICLE", "url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6cw3-g6wv-c2xv" } ] }
Loading...