DEBIAN-CVE-2023-31047

DEBIAN-CVE-2023-31047 PUBLISHED CVSS 9.800000190734863 CRITICAL

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	python-django	0, 0, 0
Debian:13	python-django	0, 0, 0
Debian:14	python-django	0, 0, 0
Debian:11	python-django	, , 0

Timeline

May 7, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-31047 advisory

Open in Interactive Console →