{"url":"http://public2.vulnerablecode.io/api/packages/33533?format=json","purl":"pkg:pypi/django@3.2rc1","type":"pypi","namespace":"","name":"django","version":"3.2rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.25","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36434?format=json","vulnerability_id":"VCID-z6tf-z1y9-cydq","summary":"In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's \"Uploading multiple files\" documentation suggested otherwise.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd"},{"reference_url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64"},{"reference_url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0008","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230609-0008"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047","reference_id":"CVE-2023-31047","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047"},{"reference_url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p","reference_id":"GHSA-r3xc-prgr-mg9p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33542?format=json","purl":"pkg:pypi/django@3.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/33543?format=json","purl":"pkg:pypi/django@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/33544?format=json","purl":"pkg:pypi/django@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1"}],"aliases":["CVE-2023-31047","GHSA-r3xc-prgr-mg9p","PYSEC-2023-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tf-z1y9-cydq"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2rc1"}