Описание
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | released | 3.2.15-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | released | 2:2.2.12-1ubuntu0.14 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2:2.2.12-1ubuntu0.14 |
| jammy | released | 2:3.2.12-2ubuntu1.3 |
| kinetic | released | 3.2.15-1ubuntu1 |
| trusty | ignored | end of standard support |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...
Django denial-of-service vulnerability in internationalized URLs
Уязвимость программной платформы для веб-приложений Django, связанная с недостаточной обработкой регулярных выражений, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3