Back to bug 2192565

Who When What Removed Added
Guilherme de Almeida Suckevicz 2023-05-03 18:10:00 UTC CC security-response-team
Blocks 2190007
CC amctagga, aoconnor, apevec, bbuckingham, bcourt, bniver, cwelton, davidn, eglynn, ehelms, epacific, flucifre, gmeno, gtanzill, jcammara, jhardy, jjoyce, jneedle, jobarker, jsherril, lhh, lzap, mabashia, mbenjamin, mburns, mgarciac, mhackett, mhulan, mminar, myarboro, nmoumoul, orabin, osapryki, pcreech, rbiba, rchan, simaishi, smcdonal, sostapov, spower, sskracic, teagle, vereddy, yguenane, zsadeh
CC rhos-maint
Deadline 2023-05-03
Group qe_staff, security
Summary EMBARGOED CVE-2023-31047 python-django: Potential bypass of validation when uploading multiple files using one form field CVE-2023-31047 python-django: Potential bypass of validation when uploading multiple files using one form field
Paige Jung 2023-06-01 18:54:39 UTC Depends On 2196196, 2196197, 2196195
Depends On 2196199
Priority low medium
Severity low medium
Doc Text A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation, as the server validates only the last file uploaded.
Doc Text A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation, as the server validates only the last file uploaded. A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.
Red Hat Bugzilla 2023-07-07 08:28:42 UTC Assignee security-response-team nobody
CC security-response-team
errata-xmlrpc 2023-08-09 14:17:58 UTC Link ID Red Hat Product Errata RHSA-2023:4591
Product Security DevOps Team 2023-08-09 19:12:49 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2023-08-09 19:12:49 UTC
