{"id":"MGASA-2023-0165","summary":"Updated python-django packages fix security vulnerability","details":"Passing certain inputs (e.g., an excessive number of parts) to multipart\nforms could result in too many open files or memory exhaustion, and\nprovided a potential vector for a denial-of-service attack.\n(CVE-2023-24580)\nBypass of validation when using one form field to upload multiple files.\nThis multiple upload has never been supported by forms.FileField or\nforms.ImageField (only the last uploaded file was validated). However,\nDjango's \"Uploading multiple files\" documentation suggested otherwise.\n(CVE-2023-31047)\n","modified":"2026-02-04T03:29:42.390532Z","published":"2023-05-16T19:17:40Z","related":["CVE-2023-24580","CVE-2023-31047"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0165.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31548"},{"type":"REPORT","url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-5868-1"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"},{"type":"REPORT","url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-6054-1"}],"affected":[{"package":{"name":"python-django","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-django?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.18-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0165.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}