mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.

Browse source 
Thanks to Jakob Ackermann for the report.
This commit is contained in:
Markus Holtermann 2022-12-13 10:27:39 +01:00 committed by Carlton Gibson
parent 1eb94bc8da
commit 85ac33591c
12 changed files with 213 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/ref/exceptions.txt
View file

@ -95,12 +95,17 @@ Django core exception classes are defined in ``django.core.exceptions``.
* ``SuspiciousMultipartForm``
* ``SuspiciousSession``
* ``TooManyFieldsSent``
* ``TooManyFilesSent``
If a ``SuspiciousOperation`` exception reaches the ASGI/WSGI handler level
it is logged at the ``Error`` level and results in
a :class:`~django.http.HttpResponseBadRequest`. See the :doc:`logging
documentation </topics/logging/>` for more information.
.. versionchanged:: 3.2.18
``SuspiciousOperation`` is raised when too many files are submitted.
``PermissionDenied``
--------------------