CVE-2022-23833
CVE-2022-23833
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://docs.djangoproject.com/en/4.0/releases/security/https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6ahttps://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9https://groups.google.com/forum/#%21forum/django-announcehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/https://security.netapp.com/advisory/ntap-20220221-0003/https://www.debian.org/security/2022/dsa-5254https://www.djangoproject.com/weblog/2022/feb/01/security-releases/