VDB
CVE-2022-23833
CVE-2022-23833
PUBLISHED
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
EPSS 1.42% · 80.9th percentile
Risk Scores
EPSS Score
1.42%
80.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 3.2.0, 4.0.0, 2.2.0 |
| Bitnami | django | 2.2.0, 3.2.0, 4.0.0 |
Timeline
- Feb 3, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 18, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
References
- https://docs.djangoproject.com/en/4.0/releases/security/ url
- https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a url
- https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 url
- https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
- https://security.netapp.com/advisory/ntap-20220221-0003/ url
- https://www.debian.org/security/2022/dsa-5254 url
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-23833 url