Django MultiPartParser Vulnerability in Specific Versions
CVE-2022-23833

7.5 HIGH

Key Information:

CVE Published: 3 February 2022

What is CVE-2022-23833?

A vulnerability in Django's MultiPartParser can cause an infinite loop when certain inputs are passed to multipart forms. The issue affects multiple versions of Django, including 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Because an infinite loop while handling multipart form data stalls the application, developers running these Django versions should apply the security updates.
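A quick way to check pinned dependencies against the version ranges stated above. This is an added example, not code from the advisory or from the Django project; the function names and the sample requirements text are constructed for illustration, and only exact `Django==x.y[.z]` pins are handled.

```python
import re

# First fixed release per series, taken from the version ranges stated above.
FIXED = {(2, 2): (2, 2, 27), (3, 2): (3, 2, 12), (4, 0): (4, 0, 2)}

# Matches exact pins such as "Django==3.2.11" (optional extras, comment or marker).
# Pre-releases and range specifiers are deliberately not matched.
PIN = re.compile(
    r"^\s*django(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:[;#].*)?$",
    re.IGNORECASE,
)


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for a (major, minor, patch) tuple."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Series not named in the text above: make no claim either way.
        return "not-listed"
    return "affected" if version < fixed else "fixed"


def audit_requirements(text):
    """Scan requirements-style text and classify every exact Django pin found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m:
            version = (int(m[1]), int(m[2]), int(m[3] or 0))
            findings.append((lineno, ".".join(map(str, version)), classify(version)))
    return findings


# Constructed sample input (not from the page).
SAMPLE = """\
# constructed requirements file
Django==3.2.11
requests==2.27.1
django==4.0.2  # patched
Django==2.2
django-filter==21.1
Django==3.1.14
"""

if __name__ == "__main__":
    for lineno, version, status in audit_requirements(SAMPLE):
        print(f"line {lineno}: Django {version} -> {status}")
```

A result of `not-listed` means the series is not among those named above, not that it is safe.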

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
