Security
Headlines

Headlines Latest CVEs

Headline

GHSA-qmf9-6jqf-j8fq: Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

1 year ago

#vulnerability #windows #dos #git #auth

Django potential denial of service vulnerability in UsernameField on Windows

Moderate severity GitHub Reviewed Published Nov 2, 2023 to the GitHub Advisory Database • Updated Nov 2, 2023

Related news

CVE-2023-46695: Django

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

1 year ago

#csrf #windows #dos #ssrf #auth

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

4 hours ago

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

4 hours ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

4 hours ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

6 hours ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

8 hours ago