{
  "threat_severity" : "Moderate",
  "public_date" : "2023-02-14T09:00:00Z",
  "bugzilla" : {
    "description" : "python-django: Potential denial-of-service vulnerability in file uploads",
    "id" : "2169402",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2169402"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.", "A memory exhaustion flaw was found in the multipart request parser of the python-django package. Passing certain inputs to multipart forms, such as an excessive number of parts, can exhaust memory or leave too many files open, leading to a system crash and denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "release_date" : "2023-08-21T00:00:00Z",
    "advisory" : "RHSA-2023:4692",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
    "package" : "automation-controller-0:4.4.2-1.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "release_date" : "2023-08-21T00:00:00Z",
    "advisory" : "RHSA-2023:4692",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
    "package" : "automation-controller-0:4.4.2-1.el9ap"
  }, {
    "product_name" : "Red Hat Satellite 6.13 for RHEL 8",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2097",
    "cpe" : "cpe:/a:redhat:satellite:6.13::el8",
    "package" : "python-django-0:3.2.18-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.13 for RHEL 8",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2097",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.13::el8",
    "package" : "python-django-0:3.2.18-1.el8pc"
  }, {
    "product_name" : "RHUI 4 for RHEL 8",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2101",
    "cpe" : "cpe:/a:redhat:rhui:4::el8",
    "package" : "python-django-0:3.2.18-1.0.1.el8ui"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 1.2",
    "fix_state" : "Will not fix",
    "package_name" : "ansible-tower",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "python3-django",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Affected",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Will not fix",
    "package_name" : "python-django20",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Will not fix",
    "package_name" : "python-django20",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.0",
    "fix_state" : "Will not fix",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:17.0"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "python3-django",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "satellite-capsule:el8/python-django",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "satellite:el8/python-django",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 3 for Cloud Providers",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:rhui:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-24580\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24580\nhttps://www.djangoproject.com/weblog/2023/feb/14/security-releases/" ],
  "name" : "CVE-2023-24580",
  "csaw" : false
}