Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-django@3.2.19-1.0.1?arch=el8ui

Type rpm

Namespace redhat

Name python-django

Version 3.2.19-1.0.1

Qualifiers

arch	el8ui

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-42x9-8c3c-bug1

vulnerability_id

VCID-42x9-8c3c-bug1

summary

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.31279
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31306
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31327
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31293
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31331
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31375
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31371
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3134
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31467
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31286
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31425
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

reference_url

https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

reference_url

https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_url

https://security.netapp.com/advisory/ntap-20230609-0008

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230609-0008

reference_url

https://www.djangoproject.com/weblog/2023/may/03/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/may/03/security-releases

reference_url

https://www.djangoproject.com/weblog/2023/may/03/security-releases/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://www.djangoproject.com/weblog/2023/may/03/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467
reference_id	1035467
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2192565
reference_id	2192565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2192565

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_id

A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-31047

reference_id

CVE-2023-31047

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-31047

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/

reference_id

DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/

reference_url

https://github.com/advisories/GHSA-r3xc-prgr-mg9p

reference_id

GHSA-r3xc-prgr-mg9p

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r3xc-prgr-mg9p

reference_url

https://security.netapp.com/advisory/ntap-20230609-0008/

reference_id

ntap-20230609-0008

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://security.netapp.com/advisory/ntap-20230609-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:4591
reference_id	RHSA-2023:4591
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4591

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://usn.ubuntu.com/6054-1/
reference_id	USN-6054-1
reference_type
scores
url	https://usn.ubuntu.com/6054-1/

reference_url	https://usn.ubuntu.com/6054-2/
reference_id	USN-6054-2
reference_type
scores
url	https://usn.ubuntu.com/6054-2/

fixed_packages

aliases

BIT-django-2023-31047, CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-42x9-8c3c-bug1

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-django@3.2.19-1.0.1%3Farch=el8ui

Package Instance