Описание
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.11.11-1ubuntu1.19 |
| devel | released | 3:3.2.16-1ubuntu2 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.19 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.15 |
| esm-infra/xenial | released | 1.8.7-1ubuntu5.15+esm6 |
| focal | released | 2:2.2.12-1ubuntu0.15 |
| jammy | released | 2:3.2.12-2ubuntu1.4 |
| kinetic | released | 3:3.2.15-1ubuntu1.1 |
| lunar | released | 3:3.2.16-1ubuntu2 |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...
Django contains Uncontrolled Resource Consumption via cached header
Уязвимость программной платформы для веб-приложений Django, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3