Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2022-23833 - CERT CVE
CVE-2022-23833
ID
CVE-2022-23833
Sažetak
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Reference
https://docs.djangoproject.com/en/4.0/releases/security/
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
https://security.netapp.com/advisory/ntap-20220221-0003/
https://www.debian.org/security/2022/dsa-5254
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
CVSS
Base:
5.0
Impact:
2.9
Exploitability:
10.0
Pristup
Vektor
Složenost
Autentikacija
NETWORK
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
NONE
PARTIAL
CVSS vektor
AV:N/AC:L/Au:N/C:N/I:N/A:P
Zadnje važnije ažuriranje
22-11-2023 - 23:15
Objavljeno
03-02-2022 - 02:15
