PT-2022-7213 · Django+4

Benjamin Balder Bach · Published 2022-10-04 · Updated 2026-01-03 · CVE-2022-41323

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 3.2 through 3.2.15
Django versions 4.0 through 4.0.7
Django versions 4.1 through 4.1.1
Description

Django's internationalized URL handling (i18n_patterns) treats the locale parameter as a regular expression rather than as a literal string. A remote attacker who controls that value can therefore supply input that the regular-expression engine interprets as a pattern, and a crafted pattern can consume enough processing time to cause a denial of service. No privileges or user interaction are required, and the impact is limited to availability.
Recommendations

For Django versions 3.2 through 3.2.15, update to version 3.2.16 or later.
For Django versions 4.0 through 4.0.7, update to version 4.0.8 or later.
For Django versions 4.1 through 4.1.1, update to version 4.1.2 or later.

As a temporary workaround until the update is applied, restrict access to the internationalized URLs (those served through i18n_patterns) or stop using the locale parameter for them.
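As an added example (not code from this advisory or from the Django project), the following Python does two things a practitioner would want here: it checks an installed Django version string against the affected ranges listed above and returns the release to upgrade to, and it illustrates, with a hypothetical stripped-down URL resolver, the bug class the description names: a locale string spliced into a regular expression unescaped changes what the pattern matches, whereas wrapping it in `re.escape` makes it match only as literal text. The `AFFECTED_RANGES` table is taken from this page; `locale_prefix_pattern`, `path_has_locale` and the hostile `.*` locale are constructed for illustration and are not a claim about how Django validates language codes or about a working exploit.

```python
import re

# Affected ranges and fixed releases exactly as listed in this advisory.
# Each entry: (first affected, last affected, first fixed).
AFFECTED_RANGES = [
    ("3.2", "3.2.15", "3.2.16"),
    ("4.0", "4.0.7", "4.0.8"),
    ("4.1", "4.1.1", "4.1.2"),
]


def parse_version(version: str) -> tuple:
    """Turn '4.1.1' into (4, 1, 1).

    Only the leading numeric part is kept, so a pre-release such as
    '4.1rc1' becomes (4, 1) and is treated conservatively as part of
    the 4.1 series.
    """
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def check_django_version(version: str):
    """Return (affected, fixed_release) for a Django version string.

    fixed_release is None when the version falls outside every listed
    range (already patched, or a series this advisory does not cover).
    """
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return True, fixed
    return False, None


def locale_prefix_pattern(locale: str, escape: bool) -> "re.Pattern[str]":
    """Build the pattern that matches a URL path carrying a locale prefix.

    Hypothetical, simplified stand-in for a resolver (not Django's code).
    With escape=False the locale is interpolated into the regex verbatim,
    so any regex metacharacters in it alter the pattern's meaning; with
    escape=True the locale is matched only as the literal characters.
    """
    prefix = f"/{locale}/"
    body = re.escape(prefix) if escape else prefix
    return re.compile("^" + body)


def path_has_locale(path: str, locale: str, escape: bool = True) -> bool:
    """True if the path begins with the given locale prefix."""
    return locale_prefix_pattern(locale, escape).match(path) is not None


if __name__ == "__main__":
    for ver in ("3.2.15", "3.2.16", "4.0.3", "4.1.1", "4.1.2"):
        affected, fixed = check_django_version(ver)
        print(f"Django {ver}: affected={affected} upgrade_to={fixed}")

    # Constructed inputs: a normal locale and a hostile one containing
    # regex metacharacters. Unescaped, '.*' makes the prefix match every
    # path; escaped, it only matches the literal text '/.*/'.
    for locale, path in (("en-us", "/en-us/about/"), (".*", "/admin/")):
        print(f"locale={locale!r} path={path!r} "
              f"unescaped={path_has_locale(path, locale, escape=False)} "
              f"escaped={path_has_locale(path, locale, escape=True)}")
```

The version check is deliberately conservative about pre-releases, and it reports nothing for series the advisory does not list (for example 2.2 or 4.2); treat a `(False, None)` result for an unlisted series as "not covered by this advisory", not as "safe". The resolver helper shows the semantic side of the problem; the denial-of-service variant of the same bug arises when the unescaped value is a pattern that is expensive to evaluate rather than one that merely over-matches, and `re.escape` removes both.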

Fix

DoS


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2753
ALT-PU-2022-2836
BDU:2023-09097
BIT-DJANGO-2022-41323
CVE-2022-41323
DSA-5254-1
GHSA-QRW5-5H28-6CMG
MGASA-2023-0026
OPENSUSE-SU-2023:0005-1
OPENSUSE-SU-2023:0057-1
OPENSUSE-SU-2023:0178-1
OPENSUSE-SU-2024:12396-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2022-304
RHSA-2023:0742
RHSA-2023:2097
RLSA-2023:2097
USN-5653-1

Affected Products

Alt Linux
Django
Linuxmint
Rocky Linux
Ubuntu