PT-2023-4169 · Django+6

Seokchan Yoon · Published 2023-06-20 · Updated 2026-01-03

CVE-2023-36053

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Django versions 3.2 through 3.2.19
Django versions 4 through 4.1.9
Django versions 4.2 through 4.2.2

Description

The issue affects the EmailValidator and URLValidator components of the Django web framework. Both use a regular expression with inefficient computational complexity when processing the domain name labels of email addresses and URLs, which could allow a remote attacker to cause a denial of service. The vulnerability exposes applications to a potential ReDoS (regular expression denial of service) attack via an input containing a very large number of domain name labels.

Recommendations

For Django versions 3.2 through 3.2.19, update to version 3.2.20 or later.
For Django versions 4 through 4.1.9, update to version 4.1.10 or later.
For Django versions 4.2 through 4.2.2, update to version 4.2.3 or later.
As a temporary workaround until you can upgrade to a fixed version, consider restricting the use of the EmailValidator and URLValidator components.
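One way to apply the "restrict the use of" workaround while an upgrade is pending, as an added example that is not part of this advisory and not Django's own code: bound the input before it ever reaches the regex-based validator. The two checks below (total length and number of domain labels) are plain linear-time string operations, so an input with a very large number of labels is refused before any backtracking regex runs. The thresholds MAX_INPUT_LENGTH and MAX_DOMAIN_LABELS, the function names, and the sample inputs are all constructed here for illustration; Django's EmailValidator and URLValidator are passed in as an opaque callable so the example runs without Django installed.

```python
"""Defensive pre-check placed in front of a regex-based email/URL validator.

Added example for the CVE-2023-36053 workaround, not from the advisory or
from Django. Thresholds are constructed for illustration; tune them to what
your application legitimately accepts.
"""
from urllib.parse import urlsplit

MAX_INPUT_LENGTH = 320    # constructed limit: longer inputs are refused before validation
MAX_DOMAIN_LABELS = 10    # constructed limit: "a.b.c.example.com" has 5 labels


class InputTooComplex(ValueError):
    """Raised when an input is refused before the regex-based validator runs."""


def extract_host(value: str, kind: str) -> str:
    """Return the host part of an email address or URL without using a regex."""
    if kind == "email":
        # Split on the last '@' so a quoted local part containing '@' is ignored.
        return value.rsplit("@", 1)[-1]
    if kind == "url":
        # urlsplit is a linear-time parser; hostname is None for malformed input.
        return urlsplit(value).hostname or ""
    raise ValueError(f"unknown kind: {kind!r}")


def precheck(value: str, kind: str) -> str:
    """Refuse inputs that are too long or carry too many domain labels.

    Both checks are O(n) in the input length, so they cannot themselves be
    driven into super-linear behaviour by crafted input.
    """
    if len(value) > MAX_INPUT_LENGTH:
        raise InputTooComplex(f"{kind} longer than {MAX_INPUT_LENGTH} characters")
    labels = extract_host(value, kind).split(".")
    if len(labels) > MAX_DOMAIN_LABELS:
        raise InputTooComplex(
            f"{kind} host has {len(labels)} labels (max {MAX_DOMAIN_LABELS})"
        )
    return value


def guarded_validate(value: str, kind: str, validator) -> str:
    """Run the pre-check, then hand the value to the real validator.

    `validator` is any callable that raises on invalid input, which is how
    Django's EmailValidator and URLValidator instances behave when called.
    """
    precheck(value, kind)
    validator(value)
    return value


def is_acceptable(value: str, kind: str) -> bool:
    """True if the pre-check lets the value through to the validator."""
    try:
        precheck(value, kind)
    except InputTooComplex:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: two ordinary values and two oversized ones.
    for sample, kind in [
        ("alice@example.com", "email"),
        ("https://www.example.com/path", "url"),
        ("a@" + ".".join(["x"] * 50), "email"),
        ("https://" + ".".join(["x"] * 50) + "/", "url"),
    ]:
        print(kind, "accepted" if is_acceptable(sample, kind) else "refused")
```

In a Django project the `validator` argument would be an `EmailValidator()` or `URLValidator()` instance; the wrapper only adds a cheap gate in front of it and leaves the framework's own validation result untouched.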

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4362
ALT-PU-2023-4363
ALT-PU-2023-4380
BDU:2023-04481
BIT-DJANGO-2023-36053
CVE-2023-36053
DLA-3500-1
DSA-5465-1
GHSA-JH3W-4VVF-MJGR
MGASA-2023-0330
OESA-2023-1440
OPENSUSE-SU-2023:0174-1
OPENSUSE-SU-2023:0176-1
OPENSUSE-SU-2023:0177-1
OPENSUSE-SU-2023:0178-1
OPENSUSE-SU-2024:13044-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2023-100
RHSA-2023:4692
RHSA-2023:4693
RHSA-2023:5931
RHSA-2023:6818
RHSA-2024:0212
RHSA-2024:1878
RLSA-2023:6818
SUSE-SU-2023:2839-1
SUSE-SU-2023:3167-1
SUSE-SU-2023:3202-1
USN-6203-1
USN-6203-2

Affected Products

Alt Linux
Astra Linux
Django
Linuxmint
Red Os
Rocky Linux
Ubuntu