Описание
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742)
Список пакетов
SUSE Package Hub 15 SP4
python3-Django-2.2.28-bp154.2.12.1
openSUSE Leap 15.4
python3-Django-2.2.28-bp154.2.12.1
Ссылки
- E-Mail link for openSUSE-SU-2023:0174-1
- SUSE Security Ratings
- SUSE Bug 1212742
- SUSE CVE CVE-2023-36053 page
Описание
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Затронутые продукты
SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.12.1
openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.12.1
Ссылки
- CVE-2023-36053
- SUSE Bug 1212742