CVE-2022-23833
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Affected products
n/a · n/a
References
https://docs.djangoproject.com/en/4.0/releases/security/
https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
https://security.netapp.com/advisory/ntap-20220221-0003/
https://www.debian.org/security/2022/dsa-5254
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/