Django · Django · CVE-2021-45115
**Name of the Vulnerable Software and Affected Versions**
Django versions 2.2 through 2.2.25
Django versions 3.2 through 3.2.10
Django versions 4.0 through 4.0.0
**Description**
The issue lies in the `UserAttributeSimilarityValidator` component of the Django framework, which incurs significant overhead when evaluating a large submitted password. Where access to user registration is unrestricted, this provides a vector for a denial-of-service attack. The root cause is improper resource management: a remote attacker can trigger a denial of service by submitting a specially crafted password to the application.
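The following added example is not Django's code and not part of this advisory; it illustrates the failure mode and the class of mitigation in stand-alone Python. A similarity validator compares the submitted password against pieces of the user's attributes with `difflib.SequenceMatcher.ratio()`, whose cost grows with the product of the two lengths, so an oversized password multiplies the work for every comparison part. The hardened variant applies two cheap upper bounds (an O(1) length bound and `quick_ratio()`) before the expensive comparison, so an oversized password never reaches it. The user attributes, the `value_parts` splitting and both checker functions are constructed for this illustration.

```python
from difflib import SequenceMatcher
import re

# Constructed sample user attributes (illustrative only, not real data).
USER_ATTRIBUTES = {
    "username": "alice.smith",
    "email": "alice.smith@example.org",
    "first_name": "Alice",
}

MAX_SIMILARITY = 0.7  # threshold used for both checkers below


def value_parts(value):
    """Split an attribute into comparison parts: its word-like pieces plus the
    whole value, lower-cased (a simplified model of what a similarity
    validator compares a password against)."""
    value = value.lower()
    return [p for p in re.split(r"\W+", value) if p] + [value]


def naive_similarity_check(password, attributes, max_similarity=MAX_SIMILARITY):
    """Unhardened pattern: run the expensive SequenceMatcher.ratio() for every
    part regardless of the password's size.
    Returns (too_similar, expensive_ratio_calls)."""
    password = password.lower()
    calls = 0
    for value in attributes.values():
        for part in value_parts(value):
            calls += 1
            if SequenceMatcher(a=password, b=part).ratio() >= max_similarity:
                return True, calls
    return False, calls


def max_possible_ratio(a, b):
    """Exact upper bound on SequenceMatcher.ratio(): ratio == 2*M/T, where M
    (matched characters) is at most min(len(a), len(b)) and T is the total
    length. O(1), so it can run before any real comparison."""
    total = len(a) + len(b)
    return 2.0 * min(len(a), len(b)) / total if total else 1.0


def hardened_similarity_check(password, attributes, max_similarity=MAX_SIMILARITY):
    """Hardened pattern: cheap upper bounds first; ratio() only runs when the
    bounds leave the threshold reachable. An oversized password is skipped by
    the length bound and never reaches the quadratic comparison.
    Returns (too_similar, expensive_ratio_calls)."""
    password = password.lower()
    calls = 0
    for value in attributes.values():
        for part in value_parts(value):
            # Bound 1: length alone makes the threshold unreachable.
            if max_possible_ratio(password, part) < max_similarity:
                continue
            sm = SequenceMatcher(a=password, b=part)
            # Bound 2: quick_ratio() >= ratio() and is cheap to compute.
            if sm.quick_ratio() < max_similarity:
                continue
            calls += 1
            if sm.ratio() >= max_similarity:
                return True, calls
    return False, calls


if __name__ == "__main__":
    oversized = "a" * 50_000  # constructed oversized password
    print("naive:   ", naive_similarity_check(oversized, USER_ATTRIBUTES))
    print("hardened:", hardened_similarity_check(oversized, USER_ATTRIBUTES))
    print("similar: ", hardened_similarity_check("AliceSmith1", USER_ATTRIBUTES))
```

Both checkers reach the same verdict on ordinary passwords; the difference is that the hardened one performs zero expensive comparisons for an oversized input, while the naive one performs one per comparison part. A length cap on the password field upstream of validation is a complementary control, and until the fixed versions are deployed the advisory's workaround of restricting registration limits who can reach the validator at all.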
**Recommendations**
For Django versions 2.2 through 2.2.25, update to version 2.2.26 or later.
For Django versions 3.2 through 3.2.10, update to version 3.2.11 or later.
For Django versions 4.0 through 4.0.0, update to version 4.0.1 or later.
As a temporary workaround, consider restricting access to user registration to minimize the risk of exploitation.