Vulnerabilities > Djangoproject > Django > 4.0.9

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
network
low complexity
djangoproject debian fedoraproject
7.5
7.5
2023-05-07 CVE-2023-31047 Improper Input Validation vulnerability in multiple products
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files.
network
low complexity
djangoproject fedoraproject CWE-20
critical
 9.8
9.8
2023-02-15 CVE-2023-24580 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.
network
low complexity
djangoproject debian CWE-400
7.5
7.5