Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-45115

Опубликовано: 05 янв. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

РелизСтатусПримечание
bionic

released

1:1.11.11-1ubuntu1.15
devel

released

2:3.2.11-1
esm-infra-legacy/trusty

needed

esm-infra/bionic

released

1:1.11.11-1ubuntu1.15
esm-infra/focal

released

2:2.2.12-1ubuntu0.9
esm-infra/xenial

needed

focal

released

2:2.2.12-1ubuntu0.9
hirsute

released

2:2.2.20-1ubuntu0.4
impish

released

2:2.2.24-1ubuntu1.2
jammy

released

2:3.2.11-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 61%
0.00423
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-45115

CVSS3: 7.5
redhat
почти 4 года назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

nvd логотип

CVE-2021-45115

CVSS3: 7.5
nvd
почти 4 года назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

debian логотип

CVE-2021-45115

CVSS3: 7.5
debian
почти 4 года назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...

github логотип

GHSA-53qw-q765-4fww

CVSS3: 7.5
github
почти 4 года назад

Denial-of-service in Django

fstec логотип

BDU:2022-00352

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость компонента UserAttributeSimilarityValidator фреймворка для веб-разработки Django, позволяющая нарушителю выполнить отказ в обслуживании

EPSS

Процентиль: 61%
0.00423
Низкий

5 Medium

CVSS2

7.5 High

CVSS3