PT-2023-7674 · Django+2

Mprogrammer · Published 2023-11-02 · Updated 2024-07-30

CVE-2023-46695

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 3.2 before 3.2.23
Django versions 4.1 before 4.1.13
Django versions 4.2 before 4.2.7

Description

NFKC normalization of very large strings is slow on Windows. django.contrib.auth.forms.UsernameField applies NFKC normalization to submitted usernames, so a remote attacker can submit a username containing a very large number of Unicode characters and consume server CPU, causing a denial of service (DoS). The underlying weakness is resource allocation without limits.

Recommendations

Django versions 3.2 before 3.2.23: update to version 3.2.23 or later.
Django versions 4.1 before 4.1.13: update to version 4.1.13 or later.
Django versions 4.2 before 4.2.7: update to version 4.2.7 or later.
As a temporary workaround, consider restricting the use of UsernameField in the affected versions to minimize the risk of exploitation.
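As an added illustration of the mitigation pattern (example code written for this entry, not Django's own implementation): a pure-Python username cleaner that enforces the length limit before NFKC normalization, so an oversized submission is rejected without paying the normalization cost. The function names and the 150-character limit are assumptions.

```python
import unicodedata

# Assumed limit: Django's default username max_length is 150 characters.
USERNAME_MAX_LENGTH = 150


def normalize_username_unbounded(value: str) -> str:
    """Weak pattern: normalize first, check the length afterwards.

    NFKC runs over the entire input before any length check, so a
    huge submission costs CPU before it is ever rejected.
    """
    return unicodedata.normalize("NFKC", value)


def clean_username(value: str, max_length: int = USERNAME_MAX_LENGTH) -> str:
    """Hardened pattern: enforce the length limit before normalizing.

    Returns the NFKC-normalized username, or raises ValueError for
    oversized input without calling unicodedata.normalize() at all.
    """
    if not isinstance(value, str):
        raise TypeError("username must be a str")
    if len(value) > max_length:
        # Reject immediately: an O(1) length check, not an O(n) normalization.
        raise ValueError(
            f"username exceeds {max_length} characters ({len(value)} given)"
        )
    normalized = unicodedata.normalize("NFKC", value)
    # NFKC can grow the string (e.g. the ligature U+FB01 becomes "fi"),
    # so the limit is checked again on the normalized result.
    if len(normalized) > max_length:
        raise ValueError("username exceeds max length after normalization")
    return normalized


def is_oversized(value: str, max_length: int = USERNAME_MAX_LENGTH) -> bool:
    """Cheap pre-check a view or middleware can run before field cleaning."""
    return len(value) > max_length


if __name__ == "__main__":
    # Constructed inputs: a compatibility ligature that NFKC folds to ASCII,
    # and an oversized plain string standing in for a huge submission.
    print(clean_username("\ufb01nn"))      # prints "finn"
    big = "a" * 100_000
    print(is_oversized(big))               # prints True
    try:
        clean_username(big)
    except ValueError as exc:
        print("rejected:", exc)
```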

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2023-8342
ALT-PU-2023-8343
ALT-PU-2024-3676
ALT-PU-2024-8036
BDU:2023-08741
BIT-DJANGO-2023-46695
CVE-2023-46695
GHSA-QMF9-6JQF-J8FQ
OESA-2023-1846
PYSEC-2023-222

Affected Products

Alt Linux
Django
Red Os