Home > Vulnerability Database > CVE-2023-31047

Mend.io Vulnerability Database

CVE-2023-31047

Good to know:

Date: May 6, 2023

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Language: Python

Severity Score

9.8

Related Resources (20)

Url: https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

Url: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-31047

Url: https://docs.djangoproject.com/en/4.2/releases/security/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

Url: https://github.com/django/django

Url: https://www.djangoproject.com/weblog/2023/may/03/security-releases

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

Url: https://docs.djangoproject.com/en/4.2/releases/security

Url: https://security.netapp.com/advisory/ntap-20230609-0008/

Url: https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

Url: https://www.djangoproject.com/weblog/2023/may/03/security-releases/

Url: https://security.netapp.com/advisory/ntap-20230609-0008

Url: https://groups.google.com/forum/#!forum/django-announce

Url: https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

Url: https://groups.google.com/forum/#%21forum/django-announce

Url: https://www.mend.io/vulnerability-database/CVE-2023-31047

Severity Score

9.8

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version Django - 3.2.19,4.1.9,4.2.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-31047

Good to know:

Date: May 6, 2023

Language: Python

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?