Security Advisory

CVE-2023-31047

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-07 00:00:00

Last updated 2025-01-29 15:51:24

Assigner mitre

State PUBLISHED

Description

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Djangos "Uploading multiple files" documentation suggested otherwise.

← Browse all CVEs View on cve.org ↗