CVE-2022-23833
django: Denial-of-service possibility in file uploads
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Se ha detectado un problema en MultiPartParser en Django versiones 2.2 anteriores a 2.2.27, 3.2 anteriores a 3.2.12 y 4.0 anteriores a 4.0.2. Pasar determinadas entradas a formularios multiparte podÃa resultar en un bucle infinito cuando eran analizados los archivos
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files.
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-21 CVE Reserved
- 2022-02-03 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (11)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.djangoproject.com/en/4.0/releases/security | 2023-11-22 | |
https://www.djangoproject.com/weblog/2022/feb/01/security-releases | 2023-11-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 2.2 < 2.2.27 Search vendor "Djangoproject" for product "Django" and version " >= 2.2 < 2.2.27" | - |
Affected
| ||||||
Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.2 < 3.2.12 Search vendor "Djangoproject" for product "Django" and version " >= 3.2 < 3.2.12" | - |
Affected
| ||||||
Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 4.0 < 4.0.2 Search vendor "Djangoproject" for product "Django" and version " >= 4.0 < 4.0.2" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|