PT-2022-1406 · Django+6

Chris Bailey · Published 2022-01-04 · Updated 2026-01-03

CVE-2021-45115

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Django 2.2 through 2.2.25
Django 3.2 through 3.2.10
Django 4.0.0 (the 4.0 series before 4.0.1)

Description

The issue lies in UserAttributeSimilarityValidator (django.contrib.auth.password_validation), which checks a submitted password against user attributes such as the username, first name, last name and e-mail address so that passwords resembling them are rejected. Evaluating a password that is artificially large relative to those comparison values incurs significant overhead, because the work done by the similarity comparison grows with the length of the submitted password and nothing bounded that length before the comparison ran. Where user registration (or any other endpoint that accepts a new password from untrusted input) is unrestricted, a remote attacker can repeatedly submit specially crafted, oversized passwords and exhaust server CPU, resulting in denial of service. The root cause is uncontrolled resource consumption in the validator rather than any flaw in how passwords are stored or checked at login.

Recommendations

Django 2.2 through 2.2.25: update to 2.2.26 or later.
Django 3.2 through 3.2.10: update to 3.2.11 or later.
Django 4.0.0: update to 4.0.1 or later.

Confirm the version actually running with python -m django --version (or pip show django) rather than trusting the pinned requirement, since deployed environments often lag the lock file. Until the upgrade is deployed, restrict access to user registration, and to any other unauthenticated form that runs the password validators, to minimize exposure; capping the accepted password length at the form layer also limits the cost an attacker can impose per request.
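To show concretely what the description above refers to, and what the fixed releases change, here is an added Python example written for this advisory; it is not Django's own code. It reimplements the validator's comparison loop in plain Python: with guard=False it behaves like the pre-fix validator, feeding every attribute fragment to difflib.SequenceMatcher regardless of password size, and with guard=True it applies a length-ratio skip of the kind the fixed releases introduced (disproportionately long passwords are no longer compared). The user record, the function names and the 10:1 ratio constant are the example's own assumptions.

```python
"""Added illustration of the CVE-2021-45115 mechanism and its mitigation.

Example code written for this advisory, not Django's implementation: it
reimplements the validator's comparison loop in plain Python so the unbounded
cost and the length-ratio guard can be seen side by side. Function and
variable names are the example's own.
"""
import re
from difflib import SequenceMatcher

# Attribute names and threshold used here; they mirror the validator's
# well-known defaults but are this example's constants.
DEFAULT_USER_ATTRIBUTES = ("username", "first_name", "last_name", "email")
DEFAULT_MAX_SIMILARITY = 0.7


def exceeds_length_ratio(password: str, max_similarity: float, value: str) -> bool:
    """True when `password` is so long relative to `value` that no similarity
    match is possible, so the costly SequenceMatcher run can be skipped.

    quick_ratio() is 2*M/(P+V) with P = len(password), V = len(value) and
    M <= V matching characters, so the ratio is bounded by 2V/(P+V) < 2V/P.
    If V < max_similarity * P / 2 the threshold can never be reached. The
    additional 10:1 length requirement (this example's choice) keeps the guard
    conservative so it only fires for clearly disproportionate inputs.
    """
    pwd_len, value_len = len(password), len(value)
    length_bound = max_similarity / 2 * pwd_len
    return pwd_len >= 10 * value_len and value_len < length_bound


def check_similarity(password, attributes, max_similarity=DEFAULT_MAX_SIMILARITY, guard=True):
    """Return (too_similar, comparisons_run).

    `attributes` maps attribute name -> value (a stand-in for the user object).
    guard=False reproduces the pre-fix behaviour: every attribute fragment is
    handed to SequenceMatcher no matter how large the password is.
    guard=True skips the matcher for disproportionately long passwords.
    """
    # A tiny threshold would make the length bound useless; this floor is the
    # example's own safety clamp.
    max_similarity = max(max_similarity, 0.1)
    password = password.lower()
    comparisons = 0
    for name in DEFAULT_USER_ATTRIBUTES:
        value = attributes.get(name)
        if not value or not isinstance(value, str):
            continue
        value_lower = value.lower()
        # Compare against each word-like fragment and against the whole value.
        parts = re.split(r"\W+", value_lower) + [value_lower]
        for part in parts:
            if not part:
                continue
            if guard and exceeds_length_ratio(password, max_similarity, part):
                continue
            comparisons += 1
            if SequenceMatcher(a=password, b=part).quick_ratio() >= max_similarity:
                return True, comparisons
    return False, comparisons


# Constructed sample user for the demonstration; no real account data.
SAMPLE_USER = {
    "username": "alicesmith",
    "first_name": "Alice",
    "last_name": "Smith",
    "email": "alice@example.com",
}


def demo_normal_password():
    """A password that is essentially the username is still rejected."""
    return check_similarity("AliceSmith1", SAMPLE_USER)


def demo_oversized_password(guard: bool):
    """An attacker-sized password (100k characters) against the same user."""
    return check_similarity("a" * 100_000, SAMPLE_USER, guard=guard)


if __name__ == "__main__":
    print("normal password:", demo_normal_password())
    print("oversized, pre-fix behaviour:", demo_oversized_password(guard=False))
    print("oversized, guarded:", demo_oversized_password(guard=True))
```

Running the file shows the normal near-duplicate password rejected after a single comparison, the oversized password driven through all ten attribute comparisons when unguarded, and zero comparisons when the guard is on. The general lesson applies to any fuzzy-match check on untrusted input: bound the input size before the algorithm runs, or the validator itself becomes the cheapest thing for an attacker to hit.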

Fix

Fixed upstream in Django 2.2.26, 3.2.11 and 4.0.1 (security releases of 2022-01-04): UserAttributeSimilarityValidator now ignores comparisons where the submitted password is disproportionately long relative to the attribute value, so an oversized password no longer drives the similarity computation.

Weakness Enumeration

Resource Exhaustion (CWE-400: Uncontrolled Resource Consumption)

Related Identifiers

ALT-PU-2022-1075
ALT-PU-2022-1124
BDU:2022-00352
BIT-DJANGO-2021-45115
CVE-2021-45115
DLA-3177-1
GHSA-53QW-Q765-4FWW
MGASA-2022-0011
OESA-2022-1530
OESA-2022-2055
OPENSUSE-SU-2023:0005-1
OPENSUSE-SU-2024:11725-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2022-1
RHSA-2022:5498
RLSA-2022:5498
SUSE-SU-2022:0102-1
SUSE-SU-2022:0103-1
USN-5204-1

Affected Products

ALT Linux
Astra Linux
Django
Linux Mint
RED OS
Rocky Linux
Ubuntu