CVE-2023-31047 — CRITICAL (9.8)

Q: How severe is CVE-2023-31047?

CVE-2023-31047 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-31047?

Check the references section above for vendor advisories and patch information. Affected products include: Djangoproject Django, Fedoraproject Fedora.

Vulnerability Description

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Djangoproject	Django	>= 3.2, < 3.2.19
Fedoraproject	Fedora	38

Related Weaknesses (CWE)

CWE-20 CWE-862

References

FAQ

What is CVE-2023-31047?

CVE-2023-31047 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been suppor...

How severe is CVE-2023-31047?

CVE-2023-31047 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-31047?

Check the references section above for vendor advisories and patch information. Affected products include: Djangoproject Django, Fedoraproject Fedora.