Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-41323

Опубликовано: 04 окт. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

A denial of service flaw was discovered in Django. This issue occurs when incorrectly handling certain internationalized URLs. A malicious attacker could use this issue to cause a crash, resulting in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2python-djangoAffected
Red Hat Ceph Storage 3python-djangoNot affected
Red Hat OpenStack Platform 13 (Queens)python-djangoNot affected
Red Hat OpenStack Platform 16.1python-django20Not affected
Red Hat OpenStack Platform 16.2python-django20Not affected
Red Hat Satellite 6satellite-capsule:el8/python-djangoAffected
Red Hat Satellite 6satellite:el8/python-djangoAffected
Red Hat Storage 3python-djangoNot affected
Red Hat Update Infrastructure 3 for Cloud Providerspython-djangoNot affected
Red Hat Satellite 6.13 for RHEL 8python-djangoFixedRHSA-2023:209703.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2136130python-django: Potential denial-of-service vulnerability in internationalized URLs

EPSS

Процентиль: 90%
0.06166
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-41323

CVSS3: 7.5
ubuntu
больше 2 лет назад

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

nvd логотип

CVE-2022-41323

CVSS3: 7.5
nvd
больше 2 лет назад

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

debian логотип

CVE-2022-41323

CVSS3: 7.5
debian
больше 2 лет назад

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...

github логотип

GHSA-qrw5-5h28-6cmg

CVSS3: 7.5
github
больше 2 лет назад

Django denial-of-service vulnerability in internationalized URLs

fstec логотип

BDU:2023-09097

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость программной платформы для веб-приложений Django, связанная с недостаточной обработкой регулярных выражений, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 90%
0.06166
Низкий

7.5 High

CVSS3