An update for python-django is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2023-1286
Status: Final
Version: 1.0
Revision history: 1.0, 2023-05-19, Initial
Initial release date: 2023-05-19
Current release date: 2023-05-19
Generator: openEuler SA Tool V1.0, 2023-05-19

Synopsis: python-django security update

Description: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Security Fix(es):

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. (CVE-2023-31047)

Topic: openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Critical
Affected component: python-django

References:
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1286
  https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-31047
  https://nvd.nist.gov/vuln/detail/CVE-2023-31047

Products:
  openEuler-20.03-LTS-SP1
  openEuler-20.03-LTS-SP3
  openEuler-22.03-LTS
  openEuler-22.03-LTS-SP1

Packages (noarch):
  python-django-help-2.2.27-5.oe1.noarch.rpm
  python3-Django-2.2.27-5.oe1.noarch.rpm
  python-django-help-2.2.27-5.oe1.noarch.rpm
  python3-Django-2.2.27-5.oe1.noarch.rpm
  python-django-help-2.2.27-5.oe2203.noarch.rpm
  python3-Django-2.2.27-5.oe2203.noarch.rpm
  python3-Django-3.2.12-4.oe2203sp1.noarch.rpm
  python-django-help-3.2.12-4.oe2203sp1.noarch.rpm

Packages (src):
  python-django-2.2.27-5.oe1.src.rpm
  python-django-2.2.27-5.oe1.src.rpm
  python-django-2.2.27-5.oe2203.src.rpm
  python-django-3.2.12-4.oe2203sp1.src.rpm

Vulnerability: CVE-2023-31047

Vulnerability description: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Release date: 2023-05-19
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1
Threat severity: Critical
CVSS base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Remediation: python-django security update
Remediation date: 2023-05-19
Remediation URL: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1286