ALT-PU-2023-1898-2

Package update python3-module-django in branch sisyphus

Version3.2.19-alt1

Published2026-02-04

Max severityCRITICAL

Severity:

Closed issues (3)

CRITICAL9.8

Уязвимость компонентов forms.FileField, forms.ImageField программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2023-07-06Modified: 2024-01-09

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-31047

CRITICAL9.8

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Published: 2023-05-07Modified: 2025-01-29

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-r3xc-prgr-mg9p

CRITICAL9.3

Django bypasses validation when using one form field to upload multiple files

Published: 2023-05-07Modified: 2024-09-20

CVSS 3.xCRITICAL 9.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0CRITICAL 9.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References