A number of vulnerabilities were discovered in Django, a popular Python-based web development framework.
-
CVE-2021-45115: Denial-of-service possibility in the
UserAttributeSimilarityValidatorclass.UserAttributeSimilarityValidatorincurred significant overhead evaluating submitted password that were artificially large in relative to the comparison values. On the assumption that access to user registration was unrestricted this provided a potential vector for a denial-of-service attack. In order to mitigate this issue, relatively long values are now ignored by this class. -
CVE-2021-45116: Potential information disclosure in
dictsorttemplate filter. Due to leveraging the Django Template Language’s variable resolution logic, thedictsorttemplate filter was potentially vulnerable to information disclosure or unintended method calls, if passed a suitably crafted key. In order to avoid this possibility,dictsortnow works with a restricted resolution logic, that will not call methods, nor allow indexing on dictionaries. -
CVE-2021-45452: Potential directory-traversal via
Storage.save().Storage.save()allowed directory-traversal if directly passed suitably crafted file names. -
CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. The number of files parts parsed is now limited via the new
DATA_UPLOAD_MAX_NUMBER_FILESsetting. -
CVE-2023-31047: Prevent a potential bypass of validation when uploading multiple files using one form field. Uploading multiple files using one form field has never been supported by
forms.FileFieldorforms.ImageFieldas only the last uploaded file was validated. Unfortunately, Uploading multiple files topic suggested otherwise. In order to avoid the vulnerability, theClearableFileInputandFileInputform widgets now raiseValueErrorwhen the multiple HTML attribute is set on them. To prevent the exception and keep the old behavior, set theallow_multiple_selectedattribute toTrue.