[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-24580":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":91,"downstream":92,"duplicates":129,"related":132,"reserved_at":9,"published_at":144,"modified_at":145,"state":146,"summary":147,"references_raw":156,"kevs":292,"epss":293,"epss_history":296,"metrics":555,"affected":568},"CVE-2023-24580","An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88,89,90],"GHSA-2hrw-hx67-34x6","BIT-django-2023-24580","PYSEC-2023-13",[],[93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127],{"_key":94},"SUSE-SU-2023:0704-1",{"_key":96},"SUSE-SU-2023:2080-1",{"_key":98},"OPENSUSE-SU-2023:0077-1",{"_key":100},"OPENSUSE-SU-2023:0062-1",{"_key":102},"OPENSUSE-SU-2023:0075-1",{"_key":104},"OPENSUSE-SU-2023:0178-1",{"_key":106},"OPENSUSE-SU-2024:12690-1",{"_key":108},"OPENSUSE-SU-2024:14208-1",{"_key":110},"OPENSUSE-SU-2025:14662-1",{"_key":112},"DLA-3329-1",{"_key":114},"RHSA-2023:2101",{"_key":116},"OPENSUSE-SU-2026:10005-1",{"_key":118},"UBUNTU-CVE-2023-24580",{"_key":120},"MGASA-2023-0165",{"_key":122},"USN-5868-1",{"_key":124},"DEBIAN-CVE-2023-24580",{"_key":126},"RHSA-2023:2097",{"_key":128},"RHSA-2023:4692",[130],{"_key":131},"CVE-2022-24580",[133,134,135,136,137,138,139,140,141,142,143],{"_key":94},{"_key":96},{"_key":98},{"_key":100},{"_key":102},{"_key":104},{"_key":106},{"_key":108},{"_key":110},{"_key":116},{"_key":120},"2023-02-15T00:00:00.000Z","2025-03-18T19:24:32.509Z","Modified",{"cisa_kev":148,"cisa_ransomware":148,"cisa_vendor":9,"epss_severity":149,"epss_score":150,"severity":151,"severity_score":152,"severity_version":153,"severity_source":154,"severity_vector":155,"severity_status":146},false,"medium",0.19669,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[157,164,170,177,182,186,190,194,198,202,206,210,215,219,223,227,231,235,239,243,247,251,255,259,263,267,271,275,279,283,288],{"url":158,"sources":159,"tags":162},"https://groups.google.com/forum/#%21forum/django-announce",[154,160,161],"nvd","osv_pypi",[163],"WEB",{"url":165,"sources":166,"tags":167},"https://docs.djangoproject.com/en/4.1/releases/security/",[154,160,161],[168,169,163],"Patch","Vendor Advisory",{"url":171,"sources":172,"tags":173},"http://www.openwall.com/lists/oss-security/2023/02/14/1",[154,160,161],[174,175,176,163],"Mailing List","Release Notes","Third Party Advisory",{"url":178,"sources":179,"tags":180},"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/",[154,160,161],[168,175,169,181],"ARTICLE",{"url":183,"sources":184,"tags":185},"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html",[154,160,161],[174,176,163],{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/",[154,160],[169],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/",[154,160],[169],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/",[154,160],[169],{"url":199,"sources":200,"tags":201},"https://security.netapp.com/advisory/ntap-20230316-0006/",[154,160],[],{"url":203,"sources":204,"tags":205},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/",[154,160],[169],{"url":207,"sources":208,"tags":209},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/",[154,160],[169],{"url":211,"sources":212,"tags":213},"https://nvd.nist.gov/vuln/detail/CVE-2023-24580",[161],[214],"Advisory",{"url":216,"sources":217,"tags":218},"https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92",[161],[163],{"url":220,"sources":221,"tags":222},"https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432",[161],[163],{"url":224,"sources":225,"tags":226},"https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8",[161],[163],{"url":228,"sources":229,"tags":230},"https://www.djangoproject.com/weblog/2023/feb/14/security-releases",[161],[163],{"url":232,"sources":233,"tags":234},"https://security.netapp.com/advisory/ntap-20230316-0006",[161],[163],{"url":236,"sources":237,"tags":238},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP",[161],[163],{"url":240,"sources":241,"tags":242},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77",[161],[163],{"url":244,"sources":245,"tags":246},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[161],[163],{"url":248,"sources":249,"tags":250},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[161],[163],{"url":252,"sources":253,"tags":254},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B",[161],[163],{"url":256,"sources":257,"tags":258},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP",[161],[163],{"url":260,"sources":261,"tags":262},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77",[161],[163],{"url":264,"sources":265,"tags":266},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[161],[163],{"url":268,"sources":269,"tags":270},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[161],[163],{"url":272,"sources":273,"tags":274},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B",[161],[163],{"url":276,"sources":277,"tags":278},"https://groups.google.com/forum/#!forum/django-announce",[161],[163],{"url":280,"sources":281,"tags":282},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml",[161],[163],{"url":284,"sources":285,"tags":286},"https://github.com/django/django",[161],[287],"PACKAGE",{"url":289,"sources":290,"tags":291},"https://docs.djangoproject.com/en/4.1/releases/security",[161],[163],[],{"date":294,"score":150,"percentile":295},"2026-06-04",0.95542,[297,301,304,307,310,313,316,318,321,324,327,330,333,335,338,342,345,348,351,354,356,359,362,365,368,371,373,375,379,382,385,387,389,391,394,396,399,402,405,408,411,414,416,419,422,425,428,431,434,437,439,442,445,448,451,453,456,460,463,467,470,473,476,479,481,483,486,489,492,494,496,498,500,503,507,510,514,517,519,522,525,528,531,534,537,540,542,545,548,551],{"date":298,"score":299,"percentile":300},"2025-11-04",0.14703,0.94194,{"date":302,"score":299,"percentile":303},"2025-11-05",0.94193,{"date":305,"score":299,"percentile":306},"2025-11-06",0.94195,{"date":308,"score":299,"percentile":309},"2025-11-07",0.94198,{"date":311,"score":299,"percentile":312},"2025-11-08",0.942,{"date":314,"score":299,"percentile":315},"2025-11-09",0.94197,{"date":317,"score":299,"percentile":312},"2025-11-10",{"date":319,"score":299,"percentile":320},"2025-11-11",0.94202,{"date":322,"score":299,"percentile":323},"2025-11-12",0.94207,{"date":325,"score":299,"percentile":326},"2025-11-13",0.94208,{"date":328,"score":299,"percentile":329},"2025-11-14",0.9421,{"date":331,"score":299,"percentile":332},"2025-11-15",0.94205,{"date":334,"score":299,"percentile":326},"2025-11-16",{"date":336,"score":299,"percentile":337},"2025-11-17",0.94206,{"date":339,"score":340,"percentile":341},"2025-11-18",0.49525,0.97667,{"date":343,"score":340,"percentile":344},"2025-11-19",0.97668,{"date":346,"score":340,"percentile":347},"2025-11-20",0.97674,{"date":349,"score":299,"percentile":350},"2025-11-21",0.94213,{"date":352,"score":299,"percentile":353},"2025-11-22",0.94212,{"date":355,"score":299,"percentile":350},"2025-11-23",{"date":357,"score":299,"percentile":358},"2025-11-24",0.94215,{"date":360,"score":299,"percentile":361},"2025-11-25",0.94218,{"date":363,"score":299,"percentile":364},"2025-11-26",0.94219,{"date":366,"score":299,"percentile":367},"2025-11-27",0.94221,{"date":369,"score":299,"percentile":370},"2025-11-28",0.94217,{"date":372,"score":299,"percentile":370},"2025-11-29",{"date":374,"score":299,"percentile":370},"2025-11-30",{"date":376,"score":377,"percentile":378},"2025-12-01",0.06243,0.90576,{"date":380,"score":377,"percentile":381},"2025-12-02",0.90574,{"date":383,"score":377,"percentile":384},"2025-12-03",0.90575,{"date":386,"score":299,"percentile":350},"2025-12-04",{"date":388,"score":299,"percentile":370},"2025-12-05",{"date":390,"score":299,"percentile":370},"2025-12-06",{"date":392,"score":299,"percentile":393},"2025-12-07",0.94216,{"date":395,"score":299,"percentile":370},"2025-12-08",{"date":397,"score":299,"percentile":398},"2025-12-09",0.94223,{"date":400,"score":299,"percentile":401},"2025-12-10",0.94232,{"date":403,"score":299,"percentile":404},"2025-12-11",0.94235,{"date":406,"score":299,"percentile":407},"2025-12-12",0.94236,{"date":409,"score":299,"percentile":410},"2025-12-13",0.94234,{"date":412,"score":299,"percentile":413},"2025-12-14",0.94233,{"date":415,"score":299,"percentile":407},"2025-12-15",{"date":417,"score":299,"percentile":418},"2025-12-16",0.94239,{"date":420,"score":299,"percentile":421},"2025-12-17",0.94243,{"date":423,"score":299,"percentile":424},"2025-12-18",0.94248,{"date":426,"score":299,"percentile":427},"2025-12-19",0.94249,{"date":429,"score":299,"percentile":430},"2025-12-20",0.9425,{"date":432,"score":299,"percentile":433},"2025-12-21",0.94254,{"date":435,"score":299,"percentile":436},"2025-12-22",0.94255,{"date":438,"score":299,"percentile":433},"2025-12-23",{"date":440,"score":299,"percentile":441},"2025-12-24",0.94259,{"date":443,"score":299,"percentile":444},"2025-12-25",0.94265,{"date":446,"score":299,"percentile":447},"2025-12-26",0.94263,{"date":449,"score":299,"percentile":450},"2025-12-27",0.94296,{"date":452,"score":299,"percentile":447},"2025-12-28",{"date":454,"score":299,"percentile":455},"2025-12-29",0.94262,{"date":457,"score":458,"percentile":459},"2025-12-30",0.18744,0.95067,{"date":461,"score":458,"percentile":462},"2025-12-31",0.95071,{"date":464,"score":465,"percentile":466},"2026-01-01",0.08732,0.92274,{"date":468,"score":465,"percentile":469},"2026-01-02",0.92271,{"date":471,"score":465,"percentile":472},"2026-01-03",0.9227,{"date":474,"score":458,"percentile":475},"2026-01-04",0.95059,{"date":477,"score":458,"percentile":478},"2026-01-05",0.95058,{"date":480,"score":458,"percentile":478},"2026-01-06",{"date":482,"score":458,"percentile":478},"2026-01-07",{"date":484,"score":458,"percentile":485},"2026-01-08",0.95062,{"date":487,"score":458,"percentile":488},"2026-01-09",0.95064,{"date":490,"score":458,"percentile":491},"2026-01-10",0.95065,{"date":493,"score":458,"percentile":491},"2026-01-11",{"date":495,"score":458,"percentile":488},"2026-01-12",{"date":497,"score":458,"percentile":485},"2026-01-13",{"date":499,"score":458,"percentile":459},"2026-01-14",{"date":501,"score":458,"percentile":502},"2026-01-15",0.95068,{"date":504,"score":505,"percentile":506},"2026-01-16",0.2451,0.95939,{"date":508,"score":505,"percentile":509},"2026-01-17",0.95941,{"date":511,"score":512,"percentile":513},"2026-01-18",0.24988,0.95994,{"date":515,"score":512,"percentile":516},"2026-01-19",0.95993,{"date":518,"score":512,"percentile":513},"2026-01-20",{"date":520,"score":512,"percentile":521},"2026-01-21",0.95995,{"date":523,"score":512,"percentile":524},"2026-01-22",0.95997,{"date":526,"score":512,"percentile":527},"2026-01-23",0.96001,{"date":529,"score":512,"percentile":530},"2026-01-24",0.96003,{"date":532,"score":512,"percentile":533},"2026-01-25",0.96007,{"date":535,"score":505,"percentile":536},"2026-01-26",0.95958,{"date":538,"score":505,"percentile":539},"2026-01-27",0.95957,{"date":541,"score":505,"percentile":536},"2026-01-28",{"date":543,"score":505,"percentile":544},"2026-01-29",0.95959,{"date":546,"score":505,"percentile":547},"2026-01-30",0.95961,{"date":549,"score":505,"percentile":550},"2026-01-31",0.95963,{"date":552,"score":553,"percentile":554},"2026-02-01",0.11816,0.93563,[556,561,563],{"source":154,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":557,"cvss_v4_0":9},{"baseScore":152,"baseSeverity":558,"vectorString":155,"impactScore":559,"exploitabilityScore":560},"HIGH",6,10,{"source":160,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":562,"cvss_v4_0":9},{"baseScore":152,"baseSeverity":558,"vectorString":155,"impactScore":559,"exploitabilityScore":560},{"source":161,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":564,"cvss_v4_0":565},{"baseScore":152,"baseSeverity":9,"vectorString":155,"impactScore":559,"exploitabilityScore":560},{"baseScore":566,"baseSeverity":9,"vectorString":567,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[569,578,599],{"ecosystem":9,"name":570,"vendor":571,"product":572,"cpe_part":573,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":574},"debian linux","debian","debian_linux","o",[575],{"version":576,"is_range":148,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":579,"vendor":580,"product":581,"cpe_part":582,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":583},"Django","djangoproject","django","a",[584,591,595],{"version":585,"is_range":586,"range_type":577,"version_start":587,"version_start_type":588,"version_end":589,"version_end_type":590,"fixed_in":9},"gte3.2_lt3.2.18",true,"3.2","including","3.2.18","excluding",{"version":592,"is_range":586,"range_type":577,"version_start":593,"version_start_type":588,"version_end":594,"version_end_type":590,"fixed_in":9},"gte4.0_lt4.0.10","4.0","4.0.10",{"version":596,"is_range":586,"range_type":577,"version_start":597,"version_start_type":588,"version_end":598,"version_end_type":590,"fixed_in":9},"gte4.1_lt4.1.7","4.1","4.1.7",{"ecosystem":600,"name":581,"vendor":600,"product":581,"cpe_part":9,"purl_type":601,"purl_namespace":9,"purl_name":581,"source":9,"versions":602},"PyPI","pypi",[603,607,610,613],{"version":604,"is_range":586,"range_type":605,"version_start":606,"version_start_type":588,"version_end":589,"version_end_type":590,"fixed_in":9},"gte3_2a1_lt3_2_18","ecosystem","3.2a1",{"version":608,"is_range":586,"range_type":605,"version_start":609,"version_start_type":588,"version_end":598,"version_end_type":590,"fixed_in":9},"gte4_1a1_lt4_1_7","4.1a1",{"version":611,"is_range":586,"range_type":605,"version_start":612,"version_start_type":588,"version_end":594,"version_end_type":590,"fixed_in":9},"gte4_0a1_lt4_0_10","4.0a1",{"version":614,"is_range":586,"range_type":605,"version_start":597,"version_start_type":588,"version_end":598,"version_end_type":590,"fixed_in":9},"gte4_1_lt4_1_7"]