In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-07T00:00:00

Updated: 2024-08-02T14:45:25.559Z

Reserved: 2023-04-24T00:00:00

Link: CVE-2023-31047

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-07T02:15:08.917

Modified: 2024-11-21T08:01:19.110

Link: CVE-2023-31047

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-05-03T00:00:00Z

Links: CVE-2023-31047 - Bugzilla