SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2022-23833

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

DSA-5254

FEDORA-2022-e7fd530688

https://docs.djangoproject.com/en/4.0/releases/security/

https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a

https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468

https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9

https://groups.google.com/forum/#%21forum/django-announce

https://security.netapp.com/advisory/ntap-20220221-0003/

https://www.djangoproject.com/weblog/2022/feb/01/security-releases/


30480



423868



253390



909



197257



282