PT-2023-1350 · Django+6
Mithril
Published: 2023-02-01
Updated: 2026-01-03
CVE-2023-23969
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Django versions 3.2 through 3.2.16
Django versions 4.0 through 4.0.8
Django versions 4.1 through 4.1.5
Description
Django's handling of the Accept-Language header can lead to excessive memory usage if the raw value of the header is very large, which creates a potential denial-of-service vector. A remote attacker can exploit this to cause a denial of service.
Recommendations
For Django versions 3.2 through 3.2.16, update to version 3.2.17 or later.
For Django versions 4.0 through 4.0.8, update to version 4.0.9 or later.
For Django versions 4.1 through 4.1.5, update to version 4.1.6 or later.
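The following is an added example, not code from the Django project or from this advisory: a version check built from the ranges listed above, and a WSGI middleware that can sit in front of a deployment until the upgrade is rolled out. The names `in_advisory_range` and `AcceptLanguageCap` are hypothetical, and the 500-character cap is an assumed value chosen for the example.

```python
import re

# First fixed patch release per affected series, taken from this advisory.
FIXED_PATCH = {(3, 2): 17, (4, 0): 9, (4, 1): 6}

# Assumption: cap chosen for this example, not a value stated in the advisory.
MAX_ACCEPT_LANGUAGE_LEN = 500


def in_advisory_range(version: str) -> bool:
    """Return True if a Django version falls in a range this advisory lists.

    Series the advisory does not mention (for example 4.2) return False.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed


class AcceptLanguageCap:
    """WSGI middleware that drops an oversized Accept-Language header."""

    def __init__(self, app, max_len=MAX_ACCEPT_LANGUAGE_LEN):
        self.app = app
        self.max_len = max_len

    def __call__(self, environ, start_response):
        value = environ.get("HTTP_ACCEPT_LANGUAGE", "")
        if len(value) > self.max_len:
            # The wrapped application then sees no language preference at all,
            # so the large raw value never reaches its header parsing.
            environ.pop("HTTP_ACCEPT_LANGUAGE")
        return self.app(environ, start_response)
```

In a Django project the middleware would wrap the object returned by `get_wsgi_application()` in `wsgi.py`; it is a stopgap, and the upgrade above remains the fix.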
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related identifiers
Affected products
Alt Linux
Astra Linux
Django
Linuxmint
Rocky Linux
Suse
Ubuntu