HTTP: Django multipartparser Denial of Service
This signature detects attempts to exploit a known vulnerability against Django multipartparser. A successful attack can result in a denial-of-service condition.
Extended Description
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Affected Products
Debian debian_linux
References
CVE: CVE-2022-23833
URL: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
Short Name
HTTP:DOS:DJANGO-MULTIPARSER
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-23833 Denial Django Service multipartparser of
Release Date
05/09/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Fedoraproject
Djangoproject
Debian
CVSS Score
5.0