mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.

Browse Source 
Thanks to Jakob Ackermann for the report.
This commit is contained in:
Markus Holtermann
2022-12-13 10:27:39 +01:00
committed by Carlton Gibson
parent 1eb94bc8da
commit 85ac33591c
12 changed files with 213 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releases/3.2.18.txt
View File

@@ -6,4 +6,12 @@ Django 3.2.18 release notes
Django 3.2.18 fixes a security issue with severity "moderate" in 3.2.17.
...
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================
Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.
The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.