Description
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | python38-django | Not affected | ||
Red Hat Ansible Automation Platform 2 | python3-django | Affected | ||
Red Hat Ceph Storage 2 | python-django | Out of support scope | ||
Red Hat Ceph Storage 3 | python-django | Affected | ||
Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Out of support scope | ||
Red Hat OpenStack Platform 13 (Queens) | python2-django | Out of support scope | ||
Red Hat OpenStack Platform 13 (Queens) | python-django | Out of support scope | ||
Red Hat OpenStack Platform 16.1 | python3-django20 | Will not fix | ||
Red Hat OpenStack Platform 16.1 | python-django20 | Will not fix | ||
Red Hat OpenStack Platform 16.2 | python3-django20 | Will not fix | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High