Описание
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Отчет
This issue affects the versions of python-django as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and 3, as it contains the vulnerable code. This issue affects Red Hat Update Infrastructure for Cloud Providers, but the vulnerable functions in python-django are currently not used in any part of the Product. This issue does not affect Red Hat Satellite as the vulnerable functions in python-django are not used. Red Hat OpenStack Platform:
- This issue affects all versions of python-django shipped with Red Hat Openstack Platform versions 9-15, as it contains the vulnerable code.
- Because the flaw's impact is Medium, it will not be fixed in Red Hat Openstack Platform 9 which is retiring 8/24.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | calamari-server | Not affected | ||
| Red Hat Ceph Storage 2 | python-django | Affected | ||
| Red Hat Ceph Storage 3 | python-django | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | python-django | Will not fix | ||
| Red Hat Satellite 6 | python-django | Not affected | ||
| Red Hat Storage 3 | python-django | Affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
Уязвимость функции jango.utils.encoding.uri_to_iri фреймворка для веб-разработки Django, позволяющая нарушителю вызвать отказ в обслуживании
5.3 Medium
CVSS3