Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-23969

Опубликовано: 01 фев. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2python-djangoAffected
Red Hat Ceph Storage 3python-djangoOut of support scope
Red Hat OpenStack Platform 13 (Queens)python-djangoOut of support scope
Red Hat OpenStack Platform 16.1python-django20Will not fix
Red Hat OpenStack Platform 16.2python-django20Will not fix
Red Hat OpenStack Platform 17.0python-djangoWill not fix
Red Hat Satellite 6satellite-capsule:el8/python-djangoAffected
Red Hat Satellite 6satellite:el8/python-djangoAffected
Red Hat Storage 3python-djangoAffected
Red Hat Update Infrastructure 3 for Cloud Providerspython-djangoWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2166457python-django: Potential denial-of-service via Accept-Language headers

EPSS

Процентиль: 81%
0.01645
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-23969

CVSS3: 7.5
ubuntu
больше 2 лет назад

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

nvd логотип

CVE-2023-23969

CVSS3: 7.5
nvd
больше 2 лет назад

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

debian логотип

CVE-2023-23969

CVSS3: 7.5
debian
больше 2 лет назад

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...

github логотип

GHSA-q2jf-h9jm-m7p4

CVSS3: 7.5
github
больше 2 лет назад

Django contains Uncontrolled Resource Consumption via cached header

fstec логотип

BDU:2023-00662

CVSS3: 4.7
fstec
больше 2 лет назад

Уязвимость программной платформы для веб-приложений Django, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%
0.01645
Низкий

7.5 High

CVSS3