Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-41323HistoryOct 16, 2022 - 6:15 a.m.
CVE-2022-41323
2022-10-1606:15:09
Alpine Linux Development Team
security.alpinelinux.org
21
django
denial of service
internationalized urls
cve-2022-41323
locale parameter
regular expression
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.005
Percentile
75.7%
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | py3-django | <Â 3.2.16-r0 | UNKNOWN |
Related
hackerone
hackerone
osv
osv
Django denial-of-service vulnerability in internationalized URLs
2022-10-16 12:00:23
PYSEC-2022-304
2022-10-16 06:15:00
BIT-django-2022-41323
2024-03-06 10:52:25
prion
prion
Code injection
2022-10-16 06:15:00
cvelist
cvelist
CVE-2022-41323
2022-10-16 00:00:00
cnvd
cnvd
Django denial of service vulnerability
2022-10-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5653-1)
2022-10-05 00:00:00
openSUSE: Security Advisory for python (openSUSE-SU-2023:0057-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0026)
2023-03-28 00:00:00
redhatcve
redhatcve
CVE-2022-41323
2022-10-19 12:17:57
nessus
nessus
nvd
nvd
CVE-2022-41323
2022-10-16 06:15:09
altlinux
altlinux
freebsd
freebsd
Django -- multiple vulnerabilities
2022-09-23 00:00:00
ubuntu
ubuntu
Django vulnerability
2022-10-04 00:00:00
cve
cve
CVE-2022-41323
2022-10-16 06:15:09
debiancve
debiancve
CVE-2022-41323
2022-10-16 06:15:09
ubuntucve
ubuntucve
CVE-2022-41323
2022-10-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-18 02:26:30
github
github
Django denial-of-service vulnerability in internationalized URLs
2022-10-16 12:00:23
mageia
mageia
Updated python-django packages fix security vulnerability
2023-02-07 03:06:39
redhat
redhat
(RHSA-2023:0742) Low: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update
2023-02-13 11:53:09
(RHSA-2023:2097) Important: Satellite 6.13 Release
2023-05-03 13:09:51
fedora
fedora
[SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37
2023-03-05 01:38:46
[SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36
2023-03-05 00:54:12
[SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38
2023-03-11 03:40:03
debian
debian
[SECURITY] [DSA 5254-1] python-django security update
2022-10-15 16:00:48
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.005
Percentile
75.7%
Related for ALPINE:CVE-2022-41323