PT-2023-7994 · Django+5
Mprogrammer
·
Published
2023-09-04
·
Updated
2026-01-03
·
CVE-2023-41164
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Django versions 3.2 through 3.2.20
Django versions 4.1 through 4.1.10
Django versions 4.2 through 4.2.4
Description
The issue is located in the `django.utils.encoding.uri_to_iri()` component of the Django web application framework, which is vulnerable to a potential denial of service (DoS) attack due to incorrect input validation. A remote attacker can exploit this vulnerability to cause a denial of service. The attack is possible via certain inputs containing a very large number of Unicode characters.
Recommendations
For Django versions 3.2 through 3.2.20, update to version 3.2.21 or later.
For Django versions 4.1 through 4.1.10, update to version 4.1.11 or later.
For Django versions 4.2 through 4.2.4, update to version 4.2.5 or later.
As a temporary workaround, consider restricting the input passed to the `uri_to_iri()` function so that it cannot contain large amounts of Unicode characters.
Fix
DoS
Resource Exhaustion
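Two defender-side helpers for the recommendations above, added here as example code (not Django's own): a version check against the affected ranges the advisory lists, and the temporary workaround as an input bound applied before the real converter runs. The thresholds, the helper names and the stand-in converter are assumptions for illustration; in a project the converter argument would be `django.utils.encoding.uri_to_iri`.

```python
"""Helpers for CVE-2023-41164 (uri_to_iri DoS). Example code, not Django's."""
import re
from urllib.parse import unquote

# (first vulnerable, first fixed) per branch, taken from the advisory.
AFFECTED_RANGES = [
    ((3, 2, 0), (3, 2, 21)),
    ((4, 1, 0), (4, 1, 11)),
    ((4, 2, 0), (4, 2, 5)),
]

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
# %XX escapes are what the converter has to re-decode, so they are counted.
_PERCENT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def _parse_version(version):
    """'4.2.4' -> (4, 2, 4); a missing patch level ('4.2') counts as .0."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True when the Django version falls in one of the advisory's ranges."""
    v = _parse_version(version)
    return any(low <= v < fixed for low, fixed in AFFECTED_RANGES)


def guarded_uri_to_iri(uri, convert, max_length=2048, max_escapes=256):
    """Bound the input before handing it to the converter (the workaround).

    Returns the converted value, or None when either bound is exceeded; the
    caller should treat None as a rejected request, not as a valid IRI.
    max_length and max_escapes are illustrative defaults, not Django values.
    """
    if len(uri) > max_length:
        return None
    if len(_PERCENT_ESCAPE.findall(uri)) > max_escapes:
        return None
    return convert(uri)


if __name__ == "__main__":
    # Stand-alone demo: urllib's unquote stands in for django's uri_to_iri.
    print(is_affected("4.2.4"), is_affected("4.2.5"))          # True False
    print(guarded_uri_to_iri("/docs/%E2%9C%93", unquote))      # /docs/✓
    print(guarded_uri_to_iri("/" + "%E2" * 300, unquote))      # None
```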
Related identifiers
Affected products
Alt Linux
Astra Linux
Debian
Django
Linuxmint
Ubuntu