Mariusz Felisiak

3 exploits Active since Jun 2021
CVE-2021-33571 WRITEUP HIGH WRITEUP
Django <2.2.24, <3.1.12, <3.2.4 - Info Disclosure
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .
CVSS 7.5
CVE-2022-23833 WRITEUP HIGH WRITEUP
Django <4.0.2 - DoS
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
CVSS 7.5
CVE-2024-27351 WRITEUP MEDIUM WRITEUP
Django <3.2.25, <4.2.11, <5.0.3 - DoS
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
CVSS 5.3