Описание
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.11.11-1ubuntu1.15 |
| devel | released | 2:3.2.11-1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.15 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.9 |
| esm-infra/xenial | needed | |
| focal | released | 2:2.2.12-1ubuntu0.9 |
| hirsute | released | 2:2.2.20-1ubuntu0.4 |
| impish | released | 2:2.2.24-1ubuntu1.2 |
| jammy | released | 2:3.2.11-1 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
Уязвимость компонента UserAttributeSimilarityValidator фреймворка для веб-разработки Django, позволяющая нарушителю выполнить отказ в обслуживании
5 Medium
CVSS2
7.5 High
CVSS3