Sign In

CVE-2023-31047

ADVISORY - github

Summary

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

EPSS Score: 0.00063 (0.200)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20

Improper Input Validation

CWE-862

Missing Authorization

ADVISORY - github

CWE-20

Improper Input Validation

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20

Improper Input Validation

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-20

Improper Input Validation

Impacted images

Advisories

PypA

CREATED

UPDATED

ADVISORY ID

PYSEC-2023-61

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
PackageTypeOS NameOS VersionAffected RangesFix Versions
djangopypi-->=4.0,<4.1.94.1.9
djangopypi-->=3.2,<3.2.193.2.19
djangopypi-->=4.2,<4.2.14.2.1

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY IDCVE-2023-31047
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20CWE-862

CVSS SCORE

9.8critical

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-r3xc-prgr-mg9p
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

9.3critical

Debian

CREATED

UPDATED

ADVISORY IDCVE-2023-31047
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2023-31047
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8low

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2023-31047

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-20CWE-937

CVSS SCORE

9.8critical

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-2023-31047

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Acritical

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-django-2023-31047

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8critical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2023-31047
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

6.5medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2023:6818
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh