DEBIAN-CVE-2023-24580

DEBIAN-CVE-2023-24580 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	python-django	0, 0, 0
Debian:13	python-django	0, 0, 0
Debian:12	python-django	0, 0, 0
Debian:11	python-django	2:2.2.28-1~deb11u1, 0, 2:2.2.24-1

Exploit Intelligence

Security advisory tracking for Django 3.2.16 vulnerabilities - CVE-2023-23969 and CVE-2023-24580 (github-poc-repo)

Timeline

Feb 15, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-24580 advisory

Open in Interactive Console →