Description
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
A vulnerability was discovered in the Django package, where NFKC normalization could take a significant time. This flaw allows a remote, unauthenticated attacker to cause a denial of service by submitting inputs with a large number of Unicode characters.
Report
Only Windows environments are impacted by this vulnerability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | python-django | Not affected | | |
Red Hat OpenStack Platform 16.1 | python-django20 | Not affected | | |
Red Hat OpenStack Platform 16.2 | python-django20 | Not affected | | |
Red Hat OpenStack Platform 17.1 | python-django | Not affected | | |
Red Hat OpenStack Platform 18.0 | python-django | Not affected | | |
Red Hat Satellite 6 | python-django | Not affected | | |
Red Hat Storage 3 | python-django | Affected | | |
Red Hat Update Infrastructure 4 for Cloud Providers | python-django | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...
Django potential denial of service vulnerability in UsernameField on Windows
A vulnerability in the Django web application framework related to unrestricted resource allocation, allowing an attacker to cause a denial of service (DoS)