GHSA-qrw5-5h28-6cmg: Denial-of-service vulnerability in internationalized URLs
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2022-41323
Moderate severity GitHub Reviewed Published Oct 16, 2022 • Updated Oct 18, 2022
Affected versions
>= 3.2, < 3.2.16
>= 4.0, < 4.0.8
>= 4.1, < 4.1.2
Patched versions
3.2.16
4.0.8
4.1.2
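The two practical questions a defender has about this advisory are "is my Django in an affected range?" and "what does it look like to stop a locale value from acting as a regular expression?". The example below is added here to illustrate both; it is not Django's own code or the upstream fix. The affected ranges are taken from the advisory above; the `LOCALE_RE` allowlist, the function names and the URL prefix format `"<locale>/"` are this example's own assumptions, chosen to show the general hardening pattern (validate against an allowlist, then `re.escape` before building a pattern) rather than Django's actual internals.

```python
import re

# Affected ranges copied from the advisory, as [lower, upper) bounds on version tuples.
AFFECTED_RANGES = [
    ((3, 2), (3, 2, 16)),
    ((4, 0), (4, 0, 8)),
    ((4, 1), (4, 1, 2)),
]

def parse_version(text):
    """Turn '4.1.1' into (4, 1, 1). Non-numeric tails such as 'rc1' are dropped,
    which is good enough for range checks against the final releases listed above."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def is_affected(version_text):
    """True if the given Django version falls inside one of the advisory's ranges."""
    v = parse_version(version_text)
    return any(low <= v < high for low, high in AFFECTED_RANGES)

# Assumed allowlist for locale identifiers (this example's own, not Django's):
# a 2-3 letter language tag optionally followed by '-' subtags of 2-8 alphanumerics.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(?:-[a-z0-9]{2,8})*$", re.IGNORECASE)

def is_valid_locale(locale):
    """Reject anything outside the allowlist before it gets near a regex compiler."""
    return LOCALE_RE.match(locale) is not None

def locale_prefix_regex(locale):
    """Build the pattern for a URL prefix like 'en-us/'. The locale is validated and
    then escaped, so it can only ever match itself literally and cannot contribute
    quantifiers, groups or alternations of its own."""
    if not is_valid_locale(locale):
        raise ValueError(f"invalid locale: {locale!r}")
    return re.compile("^" + re.escape(locale) + "/")

def matches_prefix(locale, path):
    """True if the request path starts with the given locale prefix."""
    return locale_prefix_regex(locale).match(path) is not None

if __name__ == "__main__":
    for v in ("3.2.15", "3.2.16", "4.1.1", "4.1.2", "4.2.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(matches_prefix("en-us", "en-us/about/"))
```

The version check is the quick triage step; the locale functions show the shape of the mitigation: untrusted input that ends up inside a pattern is first constrained to a small grammar and then escaped, so the compiled regex is always a fixed literal prefix.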
Description
Related news
Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.
Red Hat Security Advisory 2023-0742-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 5653-1 - Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service.