CVE-2023-24580 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Djangoproject	Django
Redhat	Ansible Automation Platform Rhui Satellite Satellite Capsule

Package	CPE	Advisory	Released Date
Red Hat Ansible Automation Platform 2.4 for RHEL 8
automation-controller-0:4.4.2-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2023:4692	2023-08-21T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
automation-controller-0:4.4.2-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2023:4692	2023-08-21T00:00:00Z
Red Hat Satellite 6.13 for RHEL 8
python-django-0:3.2.18-1.el8pc	cpe:/a:redhat:satellite:6.13::el8	RHSA-2023:2097	2023-05-03T00:00:00Z
python-django-0:3.2.18-1.el8pc	cpe:/a:redhat:satellite_capsule:6.13::el8	RHSA-2023:2097	2023-05-03T00:00:00Z
RHUI 4 for RHEL 8
python-django-0:3.2.18-1.0.1.el8ui	cpe:/a:redhat:rhui:4::el8	RHSA-2023:2101	2023-05-03T00:00:00Z

Link	Providers
http://www.openwall.com/lists/oss-security/2023/02/14/1
https://docs.djangoproject.com/en/4.1/releases/security/
https://groups.google.com/forum/#%21forum/django-announce
https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
https://nvd.nist.gov/vuln/detail/CVE-2023-24580
https://security.netapp.com/advisory/ntap-20230316-0006/
https://www.cve.org/CVERecord?id=CVE-2023-24580
https://www.djangoproject.com/weblog/2023/feb/14/security-releases/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24580", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-18T19:24:32.509Z", "dateReserved": "2023-01-27T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-28T03:06:17.641Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"url": "https://docs.djangoproject.com/en/4.1/releases/security/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/14/1"}, {"url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"}, {"name": "FEDORA-2023-3d775d93be", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"}, {"name": "FEDORA-2023-bde7913e5a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"}, {"name": "FEDORA-2023-a74513bda8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0006/"}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.895Z"}, "title": "CVE Program Container", "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce", "tags": ["x_transferred"]}, {"url": "https://docs.djangoproject.com/en/4.1/releases/security/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/14/1", "tags": ["x_transferred"]}, {"url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"}, {"name": "FEDORA-2023-3d775d93be", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"}, {"name": "FEDORA-2023-bde7913e5a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"}, {"name": "FEDORA-2023-a74513bda8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0006/", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T19:24:08.191089Z", "id": "CVE-2023-24580", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T19:24:32.509Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-24580 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2025-03-18T19:24:32.509Z (string)

dateReserved : 2023-01-27T00:00:00.000Z (string)

datePublished : 2023-02-15T00:00:00.000Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-04-28T03:06:17.641Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://groups.google.com/forum/#%21forum/django-announce (string)

}

1 : { »

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

}

2 : { »

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

}

3 : { »

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

}

4 : { »

name : [debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update (string)

tags : [ »

0 : mailing-list (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

}

5 : { »

name : FEDORA-2023-3d775d93be (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

}

6 : { »

name : FEDORA-2023-bde7913e5a (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

}

7 : { »

name : FEDORA-2023-a74513bda8 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

}

8 : { »

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

}

9 : { »

name : FEDORA-2023-8fed428c5e (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

}

10 : { »

name : FEDORA-2023-a53ab7c969 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T11:03:18.895Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://groups.google.com/forum/#%21forum/django-announce (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

name : [debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

}

5 : { »

name : FEDORA-2023-3d775d93be (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

}

6 : { »

name : FEDORA-2023-bde7913e5a (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

}

7 : { »

name : FEDORA-2023-a74513bda8 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

}

8 : { »

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

name : FEDORA-2023-8fed428c5e (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

}

10 : { »

name : FEDORA-2023-a53ab7c969 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

}

]

}

1 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-400 (string)

lang : en (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.5 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-18T19:24:08.191089Z (string)

id : CVE-2023-24580 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-18T19:24:32.509Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce", "tags": ["x_transferred"]}, {"url": "https://docs.djangoproject.com/en/4.1/releases/security/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/14/1", "tags": ["x_transferred"]}, {"url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html", "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/", "name": "FEDORA-2023-3d775d93be", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/", "name": "FEDORA-2023-bde7913e5a", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/", "name": "FEDORA-2023-a74513bda8", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0006/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/", "name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/", "name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.895Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-24580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-18T19:24:08.191089Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T19:24:27.171Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"url": "https://docs.djangoproject.com/en/4.1/releases/security/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/14/1"}, {"url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html", "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/", "name": "FEDORA-2023-3d775d93be", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/", "name": "FEDORA-2023-bde7913e5a", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/", "name": "FEDORA-2023-a74513bda8", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20230316-0006/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/", "name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/", "name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-28T03:06:17.641Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24580", "state": "PUBLISHED", "dateUpdated": "2025-03-18T19:24:32.509Z", "dateReserved": "2023-01-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-02-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://groups.google.com/forum/#%21forum/django-announce (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

name : [debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_transferred (string)

]

}

5 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

name : FEDORA-2023-3d775d93be (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

6 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

name : FEDORA-2023-bde7913e5a (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

7 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

name : FEDORA-2023-a74513bda8 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

8 : { »

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

name : FEDORA-2023-8fed428c5e (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

10 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

name : FEDORA-2023-a53ab7c969 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T11:03:18.895Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.5 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-24580 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-18T19:24:08.191089Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-400 (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-18T19:24:27.171Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : https://groups.google.com/forum/#%21forum/django-announce (string)

}

1 : { »

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

}

2 : { »

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

}

3 : { »

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

}

4 : { »

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

name : [debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update (string)

tags : [ »

0 : mailing-list (string)

]

}

5 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

name : FEDORA-2023-3d775d93be (string)

tags : [ »

0 : vendor-advisory (string)

]

}

6 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

name : FEDORA-2023-bde7913e5a (string)

tags : [ »

0 : vendor-advisory (string)

]

}

7 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

name : FEDORA-2023-a74513bda8 (string)

tags : [ »

0 : vendor-advisory (string)

]

}

8 : { »

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

}

9 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

name : FEDORA-2023-8fed428c5e (string)

tags : [ »

0 : vendor-advisory (string)

]

}

10 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

name : FEDORA-2023-a53ab7c969 (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-04-28T03:06:17.641Z (string)

}

cveMetadata : { »

cveId : CVE-2023-24580 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-18T19:24:32.509Z (string)

dateReserved : 2023-01-27T00:00:00.000Z (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2023-02-15T00:00:00.000Z (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "73D9FA8C-F224-45CC-980F-F7ABD7AB9BA2", "versionEndExcluding": "3.2.18", "versionStartIncluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D34DC1-EA58-44BB-BBC2-B6089E525D59", "versionEndExcluding": "4.0.10", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF86D1D-0552-4E21-95D2-85D2AE484F9F", "versionEndExcluding": "4.1.7", "versionStartIncluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Multipart Request Parser de Django 3.2 anterior a 3.2.18, 4.0 anterior a 4.0.10 y 4.1 anterior a 4.1.7. Pasar ciertas entradas (por ejemplo, una cantidad excesiva de partes) a formularios de varias partes podr\u00eda generar demasiados archivos abiertos o agotamiento de la memoria, y proporcionaba un vector potencial para un ataque de denegaci\u00f3n de servicio."}], "id": "CVE-2023-24580", "lastModified": "2025-03-18T20:15:18.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-15T01:15:10.687", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.djangoproject.com/en/4.1/releases/security/"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230316-0006/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.djangoproject.com/en/4.1/releases/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230316-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 73D9FA8C-F224-45CC-980F-F7ABD7AB9BA2 (string)

versionEndExcluding : 3.2.18 (string)

versionStartIncluding : 3.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 08D34DC1-EA58-44BB-BBC2-B6089E525D59 (string)

versionEndExcluding : 4.0.10 (string)

versionStartIncluding : 4.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EDF86D1D-0552-4E21-95D2-85D2AE484F9F (string)

versionEndExcluding : 4.1.7 (string)

versionStartIncluding : 4.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (string)

}

1 : { »

lang : es (string)

value : Se descubrió un problema en Multipart Request Parser de Django 3.2 anterior a 3.2.18, 4.0 anterior a 4.0.10 y 4.1 anterior a 4.1.7. Pasar ciertas entradas (por ejemplo, una cantidad excesiva de partes) a formularios de varias partes podría generar demasiados archivos abiertos o agotamiento de la memoria, y proporcionaba un vector potencial para un ataque de denegación de servicio. (string)

}

]

id : CVE-2023-24580 (string)

lastModified : 2025-03-18T20:15:18.837 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2023-02-15T01:15:10.687 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Release Notes (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

}

2 : { »

source : cve@mitre.org (string)

url : https://groups.google.com/forum/#%21forum/django-announce (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

}

4 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

}

5 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

}

7 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

}

8 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

}

9 : { »

source : cve@mitre.org (string)

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Release Notes (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2023/02/14/1 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.djangoproject.com/en/4.1/releases/security/ (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://groups.google.com/forum/#%21forum/django-announce (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/ (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/ (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/ (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.netapp.com/advisory/ntap-20230316-0006/ (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2023:4692", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.4.2-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2023-08-21T00:00:00Z"}, {"advisory": "RHSA-2023:4692", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.4.2-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2023-08-21T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "python-django-0:3.2.18-1.el8pc", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "python-django-0:3.2.18-1.el8pc", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}, {"advisory": "RHSA-2023:2101", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-django-0:3.2.18-1.0.1.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}], "bugzilla": {"description": "python-django: Potential denial-of-service vulnerability in file uploads", "id": "2169402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169402"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.", "A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service."], "name": "CVE-2023-24580", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Will not fix", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python3-django", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "python-django", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Will not fix", "package_name": "python-django20", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "python-django20", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "python3-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-capsule:el8/python-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/python-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:3", "fix_state": "Out of support scope", "package_name": "python-django", "product_name": "Red Hat Update Infrastructure 3 for Cloud Providers"}], "public_date": "2023-02-14T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-24580\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24580\nhttps://www.djangoproject.com/weblog/2023/feb/14/security-releases/"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2023:4692 (string)

cpe : cpe:/a:redhat:ansible_automation_platform:2.4::el8 (string)

package : automation-controller-0:4.4.2-1.el8ap (string)

product_name : Red Hat Ansible Automation Platform 2.4 for RHEL 8 (string)

release_date : 2023-08-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:4692 (string)

cpe : cpe:/a:redhat:ansible_automation_platform:2.4::el9 (string)

package : automation-controller-0:4.4.2-1.el9ap (string)

product_name : Red Hat Ansible Automation Platform 2.4 for RHEL 9 (string)

release_date : 2023-08-21T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2023:2097 (string)

cpe : cpe:/a:redhat:satellite:6.13::el8 (string)

package : python-django-0:3.2.18-1.el8pc (string)

product_name : Red Hat Satellite 6.13 for RHEL 8 (string)

release_date : 2023-05-03T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2023:2097 (string)

cpe : cpe:/a:redhat:satellite_capsule:6.13::el8 (string)

package : python-django-0:3.2.18-1.el8pc (string)

product_name : Red Hat Satellite 6.13 for RHEL 8 (string)

release_date : 2023-05-03T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2023:2101 (string)

cpe : cpe:/a:redhat:rhui:4::el8 (string)

package : python-django-0:3.2.18-1.0.1.el8ui (string)

product_name : RHUI 4 for RHEL 8 (string)

release_date : 2023-05-03T00:00:00Z (string)

}

]

bugzilla : { »

description : python-django: Potential denial-of-service vulnerability in file uploads (string)

id : 2169402 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2169402 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-400 (string)

details : [ »

0 : An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (string)

1 : A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service. (string)

]

name : CVE-2023-24580 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:ansible_automation_platform (string)

fix_state : Will not fix (string)

package_name : ansible-tower (string)

product_name : Red Hat Ansible Automation Platform 1.2 (string)

}

1 : { »

cpe : cpe:/a:redhat:ansible_automation_platform:2 (string)

fix_state : Affected (string)

package_name : python3-django (string)

product_name : Red Hat Ansible Automation Platform 2 (string)

}

2 : { »

cpe : cpe:/a:redhat:ansible_automation_platform:2 (string)

fix_state : Affected (string)

package_name : python-django (string)

product_name : Red Hat Ansible Automation Platform 2 (string)

}

3 : { »

cpe : cpe:/a:redhat:ceph_storage:3 (string)

fix_state : Out of support scope (string)

package_name : python-django (string)

product_name : Red Hat Ceph Storage 3 (string)

}

4 : { »

cpe : cpe:/a:redhat:discovery:1 (string)

fix_state : Affected (string)

package_name : discovery-server-container (string)

product_name : Red Hat Discovery (string)

}

5 : { »

cpe : cpe:/a:redhat:openstack:13 (string)

fix_state : Out of support scope (string)

package_name : python-django (string)

product_name : Red Hat OpenStack Platform 13 (Queens) (string)

}

6 : { »

cpe : cpe:/a:redhat:openstack:16.1 (string)

fix_state : Will not fix (string)

package_name : python-django20 (string)

product_name : Red Hat OpenStack Platform 16.1 (string)

}

7 : { »

cpe : cpe:/a:redhat:openstack:16.2 (string)

fix_state : Will not fix (string)

package_name : python-django20 (string)

product_name : Red Hat OpenStack Platform 16.2 (string)

}

8 : { »

cpe : cpe:/a:redhat:openstack:17.0 (string)

fix_state : Will not fix (string)

package_name : python-django (string)

product_name : Red Hat OpenStack Platform 17.0 (string)

}

9 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : python3-django (string)

product_name : Red Hat Satellite 6 (string)

}

10 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : satellite-capsule:el8/python-django (string)

product_name : Red Hat Satellite 6 (string)

}

11 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : satellite:el8/python-django (string)

product_name : Red Hat Satellite 6 (string)

}

12 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Affected (string)

package_name : python-django (string)

product_name : Red Hat Storage 3 (string)

}

13 : { »

cpe : cpe:/a:redhat:rhui:3 (string)

fix_state : Out of support scope (string)

package_name : python-django (string)

product_name : Red Hat Update Infrastructure 3 for Cloud Providers (string)

}

]

public_date : 2023-02-14T09:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-24580 https://nvd.nist.gov/vuln/detail/CVE-2023-24580 https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object