The vulnerability identified as CVE-2023-31047 affects multiple versions of Django, specifically versions prior to 3.2.19, 4.1.9, and 4.2.1. It allows validation to be bypassed when a single form field is used to upload multiple files. The Django documentation incorrectly suggested that forms.FileField or forms.ImageField supported multiple uploads, so when several files were submitted through one such field, only the last uploaded file was validated. With a CVSS score of 9.8, this vulnerability is classified as critical.
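As an added illustration (a constructed model, not Django's own code), the block below imitates the MultiValueDict behind Django's request.FILES, where .get() returns only the last value for a key, and contrasts a single-file clean() that checks just that last file with per-file validation of the full list. The names Upload, validate_single, clean_vulnerable and clean_fixed and the sample files are assumptions made for the example.

```python
import os
from dataclasses import dataclass


class MultiValueDict:
    """Constructed stand-in for Django's request.FILES: .get() yields the
    LAST value stored under a key, .getlist() yields all of them."""
    def __init__(self):
        self._data = {}

    def appendlist(self, key, value):
        self._data.setdefault(key, []).append(value)

    def get(self, key, default=None):
        values = self._data.get(key)
        return values[-1] if values else default

    def getlist(self, key):
        return list(self._data.get(key, []))


@dataclass
class Upload:  # minimal stand-in for an UploadedFile
    name: str
    size: int


ALLOWED_EXT = {".png", ".jpg"}
MAX_SIZE = 1_000_000  # bytes


def validate_single(upload):
    """Per-file checks of the kind a FileField/ImageField validator applies."""
    if os.path.splitext(upload.name)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"{upload.name}: extension not allowed")
    if upload.size > MAX_SIZE:
        raise ValueError(f"{upload.name}: too large")
    return upload


def clean_vulnerable(files, field="attachments"):
    """Pre-fix pattern: single-file field fed several files. The widget reads
    files.get(field), so only the last upload is ever validated."""
    return validate_single(files.get(field))


def clean_fixed(files, field="attachments"):
    """A real multiple-file field validates every upload; any failure
    rejects the whole submission."""
    return [validate_single(f) for f in files.getlist(field)]


def accepted(clean, files):
    try:
        clean(files)
        return True
    except ValueError:
        return False


def sample_request_files():
    """Constructed request.FILES: a disallowed file followed by a valid one."""
    files = MultiValueDict()
    files.appendlist("attachments", Upload("notes.html", 512))
    files.appendlist("attachments", Upload("photo.png", 2048))
    return files
```

With these two uploads the single-file clean() accepts the submission because it only ever inspects photo.png, while per-file validation rejects it on notes.html.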
The risk to organizations includes potential unauthorized access to sensitive data resulting from improper validation of uploaded files. Attackers may leverage this vulnerability to upload files that would otherwise have been rejected, which could compromise the integrity and availability of the application. Given the severity and exploitability of this vulnerability, organizations should prioritize patching immediately.
As of now, there are no known exploits publicly available, and the vulnerability has not been included in the Known Exploited Vulnerabilities (KEV) catalog, indicating that while it is critical, exploitation might not yet be widespread. Nevertheless, the window for attackers to develop and deploy exploits remains open, underlining the urgency for organizations to act.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.