Description
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | not-affected | windows only |
esm-infra-legacy/trusty | not-affected | windows only |
esm-infra/bionic | not-affected | windows only |
esm-infra/focal | not-affected | windows only |
esm-infra/xenial | not-affected | windows only |
focal | not-affected | windows only |
jammy | not-affected | windows only |
lunar | not-affected | windows only |
mantic | not-affected | windows only |
CVSS3: 7.5 High
Related vulnerabilities
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...
Django potential denial of service vulnerability in UsernameField on Windows
A vulnerability in the Django web application framework related to unrestricted resource allocation, allowing an attacker to cause a denial of service (DoS)