{ "threat_severity" : "Moderate", "public_date" : "2022-02-01T08:00:00Z", "bugzilla" : { "description" : "django: Denial-of-service possibility in file uploads", "id" : "2048778", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2048778" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.", "A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files." ], "affected_release" : [ { "product_name" : "Red Hat OpenStack Platform 16.1", "release_date" : "2022-12-07T00:00:00Z", "advisory" : "RHSA-2022:8872", "cpe" : "cpe:/a:redhat:openstack:16.1::el8", "package" : "python-django20-0:2.0.13-18.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2022-12-07T00:00:00Z", "advisory" : "RHSA-2022:8853", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "python-django20-0:2.0.13-18.el8ost" }, { "product_name" : "Red Hat Satellite 6.11 for RHEL 8", "release_date" : "2022-07-05T00:00:00Z", "advisory" : "RHSA-2022:5498", "cpe" : "cpe:/a:redhat:satellite:6.11::el8", "package" : "python-django-0:3.2.13-1.el8pc" }, { "product_name" : "Red Hat Satellite 6.11 for RHEL 8", "release_date" : "2022-07-05T00:00:00Z", "advisory" : "RHSA-2022:5498", "cpe" : "cpe:/a:redhat:satellite_capsule:6.11::el8", "package" : "python-django-0:3.2.13-1.el8pc" } ], "package_state" : [ { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Tower 3", "fix_state" : "Affected", "package_name" : "django", "cpe" : "cpe:/a:redhat:ansible_tower:3" }, { "product_name" : "Red Hat Ceph Storage 2", "fix_state" : "Out of support scope", "package_name" : "calamari-server", "cpe" : "cpe:/a:redhat:ceph_storage:2" }, { "product_name" : "Red Hat Ceph Storage 2", "fix_state" : "Out of support scope", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:ceph_storage:2" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Out of support scope", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Out of support scope", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "python3-django", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Update Infrastructure 3 for Cloud Providers", "fix_state" : "Will not fix", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:rhui:3" }, { "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers", "fix_state" : "Affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:rhui:4::el8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-23833\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23833\nhttps://www.djangoproject.com/weblog/2022/feb/01/security-releases/" ], "name" : "CVE-2022-23833", "csaw" : false }