Safety vulnerability ID: 53315
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads.
https://www.djangoproject.com/weblog/2023/feb/14/security-releases
Latest version: 5.1.4
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
===========================
*February 14, 2023*
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.
===========================
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application