VDB

BIT-django-2022-23833

BIT-django-2022-23833 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Bitnamidjango2.2.0, 3.2.0, 4.0.0

Timeline

  • Mar 6, 2024 CVE Published
  • Apr 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›