Описание
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Ссылки
- Patch
- Permissions Required
- PatchVendor Advisory
- Patch
- Permissions Required
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...
Django potential denial of service vulnerability in UsernameField on Windows
Уязвимость программной платформы для веб-приложений Django, связанная c неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании (DoS)
EPSS
7.5 High
CVSS3