| purl | pkg:rpm/redhat/python-django@3.2.21-1?arch=el8pc |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-42x9-8c3c-bug1 Aliases: BIT-django-2023-31047 CVE-2023-31047 GHSA-r3xc-prgr-mg9p PYSEC-2023-61 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | There are no reported fixed by versions. |
| VCID-wz1q-1tjp-4qhw Aliases: BIT-django-2023-36053 CVE-2023-36053 GHSA-jh3w-4vvf-mjgr PYSEC-2023-100 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:54:01.775980+00:00 | RedHat Importer | Affected by | VCID-42x9-8c3c-bug1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json | 38.0.0 |
| 2026-04-01T13:53:35.796608+00:00 | RedHat Importer | Affected by | VCID-wz1q-1tjp-4qhw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json | 38.0.0 |