Demo of CVE-2023-31047 patch

2023-06-19 Thread optimusprime fig
Hi all, I'm really hoping some may be able to help me with this, as I am at a loss trying to understand the identified vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-31047), how Django was patched to protect against multiple file uploads bypassing validation, and how to demonstrate the vuln

Re: Demonstration of patching against CVE-2023-31047

2023-06-12 Thread optimusprime fig
Thank you! I have tried patching to 4.2.1 which disallows the multiple to be set as True on the form widget. However, I have struggled to get a working implementation up that allows multiple images of a certain file type only to be uploaded. I am now able to accidentally allow all file types up eve