Seokchan Yoon

**Name of the Vulnerable Software and Affected Versions** Python (affected versions not specified) **Description** The `unicodedata.normalize()` function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters with alternating Canonical Combining Class values, affecting all normalization forms. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.21 **Description** An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection in proxy configuration fields, such as `http proxy`. Exploitation requires access to the instance and administrator privileges to the Management Console. **Recommendations** Update to versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, or 3.14.26.

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description The `MultiPartParser` component is susceptible to performance degradation when processing multipart uploads containing `Content-Transfer-Encoding: base64` with excessive whitespace. Remote attackers can exploit this to negatively impact system performance. Recommendations Update to Django version 6.0.4 or later. Update to Django version 5.2.13 or later. Update to Django version 4.2.30 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.2 Django versions 5.2 through 5.2.11 Django versions 4.2 through 4.2.28 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier **Description** The `URLField.to python()` function in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows. This normalization is disproportionately slow for certain Unicode characters, potentially allowing a remote attacker to cause a denial of service by submitting large URL inputs containing these characters. **Recommendations** Update Django to version 6.0.3 or later. Update Django to version 5.2.12 or later. Update Django to version 4.2.29 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.11.1 **Description** A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side when a user views historical task information. The functionality responsible for this issue, log template history, is disabled by default in version 2.11.1. The issue involves Server-Side Template Injection (SSTI) through shared database information. **Recommendations** Upgrade to Airflow version 2.11.1 or later. If you require log template history, upgrade to Airflow 3. Manually modify historical log file names if you need to view logs generated before the last log template change.

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier **Description** The `django.utils.text.Truncator.chars()` and `Truncator.words()` methods, when used with `html=True`, and the `truncatechars html` and `truncatewords html` template filters are susceptible to a potential denial-of-service. This occurs when processing crafted inputs containing a large number of unmatched HTML end tags. **Recommendations** Update to Django version 6.0.2 or later. Update to Django version 5.2.11 or later. Update to Django version 4.2.28 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions 4.2 through 4.2.26 Django versions 5.1 through 5.1.14 Django versions 5.2 through 5.2.8 **Description** An issue exists in the way Django handles XML input. Specifically, algorithmic complexity within the `django.core.serializers.xml serializer.getInnerText()` function can lead to a denial-of-service condition. A remote attacker could potentially exhaust CPU and memory resources by providing specially crafted XML input to the XML `Deserializer`. **Recommendations** Update to Django version 5.2.9 or later. Update to Django version 5.1.15 or later. Update to Django version 4.2.27 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 4.2.26 Django versions prior to 5.1.14 Django versions prior to 5.2.8 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier **Description** The issue relates to algorithmic complexity within the `django.http.HttpResponseRedirect()` and `django.http.HttpResponsePermanentRedirect()` functions, and the `django.shortcuts.redirect` shortcut. The slow performance of NFKC normalization in Python on Windows can be exploited to trigger a denial-of-service (DoS) condition by providing specially crafted inputs containing a large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected. **Recommendations** Upgrade to Django version 4.2.26 or later. Upgrade to Django version 5.1.14 or later. Upgrade to Django version 5.2.8 or later. Upgrade to a newer version of Django that addresses this issue if using versions 5.0.x, 4.1.x, or 3.2.x.

**Name of the Vulnerable Software and Affected Versions** Django versions 4.2 through 4.2.22 Django versions 5.1 through 5.1.10 Django versions 5.2 through 5.2.2 **Description** An issue was discovered in Django where internal HTTP response logging does not escape `request.path`, allowing remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. Approximately 1,696,617 results are found to be potentially affected. **Recommendations** For Django version 4.2, update to version 4.2.22 or later. For Django version 5.1, update to version 5.1.10 or later. For Django version 5.2, update to version 5.2.2 or later.

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.17 Django versions 5.0 through 5.0.10 Django versions 5.1 through 5.1.4 Description: An issue was discovered in Django when using an Oracle database. Direct usage of the `django.db.models.fields.json.HasKey` lookup is subject to SQL injection if untrusted data is used as an `lhs` value. This issue can be exploited by a remote attacker to execute arbitrary SQL code by sending a specially crafted request. Recommendations: For Django versions 4.2 through 4.2.17, upgrade to version 4.2.17 or later. For Django versions 5.0 through 5.0.10, upgrade to version 5.0.10 or later. For Django versions 5.1 through 5.1.4, upgrade to version 5.1.4 or later. As a temporary workaround, consider avoiding the use of the `django.db.models.fields.json.HasKey` lookup with untrusted data until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.10.1 **Description** The issue allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to a fixed version. **Recommendations** For Apache Airflow versions prior to 2.10.1, upgrade to version 2.10.1 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the DAG folder to prevent unauthorized execution of local settings.

Name of the Vulnerable Software and Affected Versions: org.springframework:spring-web versions 5.3.0 through 5.3.37 org.springframework:spring-web versions 6.0.0 through 6.0.22 org.springframework:spring-web versions 6.1.0 through 6.1.11 Description: Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to a denial-of-service (DoS) attack. The issue is related to errors in resource release. Recommendations: For versions 5.3.x, upgrade to version 5.3.38. For versions 6.0.x, upgrade to version 6.0.23. For versions 6.1.x, upgrade to version 6.1.12. For older, unsupported versions, enforce a size limit on `If-Match` and `If-None-Match` headers, e.g., through a Filter.

**Name of the Vulnerable Software and Affected Versions** Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 **Description** The issue is related to a potential denial-of-service attack in Django, specifically affecting the `urlize` and `urlizetrunc` template filters, and the `AdminURLFieldWidget` widget. This can occur via certain inputs containing a large number of Unicode characters. The vulnerability in the `django.utils.html.urlize()` function is due to a mismatch in input data length parameters, which can be exploited by a remote attacker to cause a denial-of-service. **Recommendations** For Django versions 4.2 through 4.2.14, update to version 4.2.15 or later. For Django versions 5.0 through 5.0.7, update to version 5.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions 2.4.0 through 2.9.3 **Description** This vulnerability allows authenticated DAG authors to craft a malicious `doc md` parameter, potentially leading to arbitrary code execution within the scheduler context. This bypasses Airflow’s security model, which should prevent such actions. The vulnerability stems from a lack of sanitization when processing the `doc md` parameter, which is used to create descriptions for DAGs (Directed Acyclic Graphs) in the Airflow web interface. When `doc md` does not have a '.md' extension, Airflow creates a template using `jinja2.Template(doc md)`, resulting in a Server-Side Template Injection (SSTI) condition. Attackers can leverage Python’s introspection capabilities to enumerate classes and execute commands, potentially compromising the system. Exploitation requires the ability to create DAGs on the Airflow server. **Recommendations** Upgrade to Apache Airflow version 2.9.3 or later to resolve this issue.

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.9.3 Description: The issue is related to the lack of protection for the web page structure in the Provider component of Apache Airflow, allowing an authenticated attacker to inject a malicious link when installing a provider. This can lead to a cross-site scripting (XSS) attack. Recommendations: For Apache Airflow versions prior to 2.9.3, upgrade to version 2.9.3 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Django versions 3.2 through 3.2.24 Django versions 4.2 through 4.2.10 Django versions 5.0 through 5.0.2 **Description** The issue is related to a potential regular expression denial-of-service in the `django.utils.text.Truncator.words()` method. This could allow a remote attacker to cause a denial-of-service. The `truncatewords html` template filter is also subject to this potential attack via a crafted string. **Recommendations** For Django versions 3.2 through 3.2.24, update to version 3.2.25 or later. For Django versions 4.2 through 4.2.10, update to version 4.2.11 or later. For Django versions 5.0 through 5.0.2, update to version 5.0.3 or later. As a temporary workaround, consider disabling the `django.utils.text.Truncator.words()` method with `html=True` until a patch is available. Restrict access to the `truncatewords html` template filter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Django versions 3.2 before 3.2.24 Django versions 4.2 before 4.2.10 Django versions 5.0 before 5.0.2 **Description** The issue is related to a potential denial-of-service attack when the intcomma template filter is used with very long strings. This could allow a remote attacker to cause a denial of service. The vulnerability is associated with uncontrolled resource consumption. **Recommendations** For Django versions 3.2 before 3.2.24, update to version 3.2.24 or later to resolve the issue. For Django versions 4.2 before 4.2.10, update to version 4.2.10 or later to resolve the issue. For Django versions 5.0 before 5.0.2, update to version 5.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the intcomma template filter with very long strings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Django versions 3.2 through 3.2.19 Django versions 4 through 4.1.9 Django versions 4.2 through 4.2.2 **Description** The issue is related to the `EmailValidator` and `URLValidator` components in the Django web application platform. It involves the use of a regular expression with inefficient computational complexity when processing domain name labels in emails and URLs. This could allow a remote attacker to cause a denial of service. The vulnerability is subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. **Recommendations** For Django versions 3.2 through 3.2.19, update to version 3.2.20 or later. For Django versions 4 through 4.1.9, update to version 4.1.10 or later. For Django versions 4.2 through 4.2.2, update to version 4.2.3 or later. As a temporary workaround, consider restricting the use of the `EmailValidator` and `URLValidator` components until a patch is available.