MGASA-2022-0104

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2022-22818 CVE-2022-23833

Published: 21 Mar 2022, 20:18

Last modified:16 Apr 2026, 04:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Mar 2022, 20:18

Published

Vulnerability first disclosed

16 Apr 2026, 04:23

Last Modified

Vulnerability information updated

Description

Updated python-django/python-asgiref packages fix security vulnerability The {% debug %} template tag didn't properly encode the current context posing an XSS attack vector (CVE-2022-22818). Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service (CVE-2022-23833). The python-django update necessitated a version update to python-asgiref as well.

Affected Systems

mageia•python-asgiref
< 3.5.0-1.mga8
mageia•python-django
< 3.2.12-1.mga8

References (3)

https://advisories.mageia.org/MGASA-2022-0104.html
https://bugs.mageia.org/show_bug.cgi?id=29984
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/