CVE-2023-24580


An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.


Published: 2023-02-15T01:15:10.687
Last Modified: 2025-03-18T20:15:18.837
Status: Modified
Source: [email protected]
Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-400
  • Type: Secondary
    CWE-400

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | djangoproject | django | < 3.2.18 | Yes |
| Application | djangoproject | django | < 4.0.10 | Yes |
| Application | djangoproject | django | < 4.1.7 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |

References