PT-2023-1350 · Django +6 · Mithril · Published 2023-02-01 · Updated 2026-01-03 · CVE-2023-23969

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Django versions 3.2 through 3.2.16
Django versions 4.0 through 4.0.8
Django versions 4.1 through 4.1.5

Description: The issue lies in Django's handling of the Accept-Language header. When the raw header value is very large, processing it can consume excessive memory, which gives a potential denial-of-service vector. A remote attacker can exploit this to cause a denial of service.

Recommendations:
For Django versions 3.2 through 3.2.16, update to version 3.2.17 or later.
For Django versions 4.0 through 4.0.8, update to version 4.0.9 or later.
For Django versions 4.1 through 4.1.5, update to version 4.1.6 or later.
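As an added illustration of the mitigation class this advisory points at (this is example code written here, not Django's own implementation and not part of the original advisory), the following Python function parses an Accept-Language header only after clamping it to a fixed character budget, so the memory and CPU spent on the header are bounded by the server rather than by the client. The 500-character limit and the function names `clamp_header` and `parse_accept_language` are assumptions chosen for the example; the sample headers are constructed.

```python
import re
from typing import List, Tuple

# Hypothetical budget for this example: parsing work is bounded by this many
# characters no matter how large the client-supplied header is.
MAX_ACCEPT_LANGUAGE_LEN = 500

# RFC 5646-style language tag (primary subtag plus optional subtags); "*" is
# accepted separately as the wildcard.
_LANG_TAG_RE = re.compile(r"^[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*$")
# q-value as in HTTP: 0, 0.xxx, 1 or 1.000 (up to three decimals).
_QVALUE_RE = re.compile(r"^q\s*=\s*(0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$")


def clamp_header(raw: str, max_len: int = MAX_ACCEPT_LANGUAGE_LEN) -> str:
    """Return at most max_len characters of the header, cut on a comma.

    Truncating before any split()/regex work keeps the resources spent on
    the header proportional to max_len, not to what the client sent. The cut
    is placed at the last comma inside the prefix so a half-written tag is
    dropped rather than mis-parsed; a prefix with no comma is discarded.
    """
    if len(raw) <= max_len:
        return raw
    prefix = raw[:max_len]
    cut = prefix.rfind(",")
    return prefix[:cut] if cut != -1 else ""


def parse_accept_language(
    raw: str, max_len: int = MAX_ACCEPT_LANGUAGE_LEN
) -> List[Tuple[str, float]]:
    """Parse Accept-Language into (lowercased tag, q) pairs, highest q first.

    Entries with a malformed tag or q-value are skipped instead of raising,
    so a hostile header degrades to "no preference" rather than an error.
    """
    result: List[Tuple[str, float]] = []
    for part in clamp_header(raw, max_len).split(","):
        tag, _, params = part.strip().partition(";")
        tag, params = tag.strip(), params.strip()
        if not tag:
            continue
        q = 1.0
        if params:
            match = _QVALUE_RE.match(params)
            if match is None:
                continue
            q = float(match.group(1))
        if tag == "*" or _LANG_TAG_RE.match(tag):
            result.append((tag.lower(), q))
    # sorted() is stable, so equal q-values keep the client's order.
    return sorted(result, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Constructed inputs: a typical browser header and an oversized one.
    normal = "en-US,en;q=0.9,fr;q=0.8"
    oversized = ",".join(["xx"] * 1000)  # roughly 3 KB of tags
    print(parse_accept_language(normal))
    kept = len(parse_accept_language(oversized))
    print(f"{kept} tags kept from a {len(oversized)}-character header")
```

The point of the clamp is that it runs before any allocation that scales with the header: the split list, the per-entry strings and the regex matches all derive from the truncated prefix, so an oversized header costs the server the same as a 500-character one. Applying the same budget in a WSGI middleware or reverse proxy protects code paths that read the raw header directly.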

Tags: Fix · DoS

Weakness Enumeration: Allocation of Resources Without Limits; Resource Exhaustion

Related Identifiers

ALT-PU-2023-1510
ALT-PU-2023-1553
BDU:2023-00662
BIT-DJANGO-2023-23969
CVE-2023-23969
DLA-3306-1
DSA-5465-1
GHSA-Q2JF-H9JM-M7P4
MGASA-2023-0026
OESA-2023-1097
OESA-2023-1098
OESA-2023-1099
OESA-2023-1114
OPENSUSE-SU-2023:0057-1
OPENSUSE-SU-2023:0178-1
OPENSUSE-SU-2024:0251-1
OPENSUSE-SU-2024:12654-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2024_2545-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2023-12
RHSA-2023:2097
RHSA-2023:2101
RLSA-2023:2097
SUSE-SU-2024:2545-1
USN-5837-1
USN-5837-2

Affected Products

Alt Linux
Astra Linux
Django
Linuxmint
Rocky Linux
Suse
Ubuntu