An update for python-django is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2023-1136
Status: Final
Version: 1.0
Revision history: 1.0, 2023-03-04, Initial
Initial release date: 2023-03-04
Current release date: 2023-03-04
Generator: openEuler SA Tool V1.0 (2023-03-04)

Synopsis: python-django security update

Description: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Security Fix(es):

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (CVE-2023-24580)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: python-django

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1136
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-24580
https://nvd.nist.gov/vuln/detail/CVE-2023-24580

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1

Packages (noarch):
python-django-help-2.2.27-4.oe1.noarch.rpm
python3-Django-2.2.27-4.oe1.noarch.rpm
python3-Django-2.2.27-4.oe1.noarch.rpm
python-django-help-2.2.27-4.oe1.noarch.rpm
python-django-help-2.2.27-4.oe2203.noarch.rpm
python3-Django-2.2.27-4.oe2203.noarch.rpm
python-django-help-3.2.12-3.oe2203sp1.noarch.rpm
python3-Django-3.2.12-3.oe2203sp1.noarch.rpm

Packages (src):
python-django-2.2.27-4.oe1.src.rpm
python-django-2.2.27-4.oe1.src.rpm
python-django-2.2.27-4.oe2203.src.rpm
python-django-3.2.12-3.oe2203sp1.src.rpm

Vulnerability: CVE-2023-24580

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Release date: 2023-03-04
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1
Severity: High
CVSS base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: python-django security update (2023-03-04)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1136