Advisories ยป MGASA-2023-0165

Updated python-django packages fix security vulnerability

Publication date: 16 May 2023
Modification date: 16 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-24580 , CVE-2023-31047


Passing certain inputs (e.g., an excessive number of parts) to multipart
forms could result in too many open files or memory exhaustion, and
provided a potential vector for a denial-of-service attack.
Bypass of validation when using one form field to upload multiple files.
This multiple upload has never been supported by forms.FileField or
forms.ImageField (only the last uploaded file was validated). However,
Django's "Uploading multiple files" documentation suggested otherwise.