You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
mend-bolt-for-githubbot
changed the title
CVE-2023-31047 (Medium) detected in Django-3.2.16-py3-none-any.whl
CVE-2023-31047 (Critical) detected in Django-3.2.16-py3-none-any.whl
Jul 4, 2023
CVE-2023-31047 - Critical Severity Vulnerability
Vulnerable Library - Django-3.2.16-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/8a/c4/f946a6b02fcbba84e56074f2fc36866433b009bea2528b09fe0bac4fe1aa/Django-3.2.16-py3-none-any.whl
Path to dependency file: /tmp/ws-scm/django-migration-fixer
Path to vulnerable library: /tmp/ws-scm/django-migration-fixer
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
Publish Date: 2023-05-07
URL: CVE-2023-31047
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q2/110
Release Date: 2023-05-07
Fix Resolution: 3.2.19
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: