Django Project Django 4.0.9

CPE Details

Django Project Django 4.0.9
djangoproject
django
4.0.9
2023-05-10
10h57 +00:00
2023-05-11
15h43 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:djangoproject:django:4.0.9:*:*:*:*:*:*:*

Informations

Vendor

djangoproject

Product

django

Version

4.0.9

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-36053 2023-07-02 22h00 +00:00 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
7.5
Haute
CVE-2023-31047 2023-05-07 00h00 +00:00 In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
9.8
Critique
CVE-2023-24580 2023-02-15 00h00 +00:00 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
7.5
Haute