Lucene search

GoogleOSV:BIT-DJANGO-2022-41323

HistoryMar 06, 2024 - 10:52 a.m.

BIT-django-2022-41323

2024-03-0610:52:25

Google

osv.dev

django

internationalized urls

denial of service

locale parameter

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

CPENameOperatorVersion
djangoge4.0.0
djangoge3.2.0
djangolt3.2.16
djangolt4.0.8
djangoge4.1.0
djangolt4.1.2

Name	Operator	Version
django	ge	4.0.0
django	ge	3.2.0
django	lt	3.2.16
django	lt	4.0.8
django	ge	4.1.0
django	lt	4.1.2

References

docs.djangoproject.com/en/4.0/releases/security/

github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924

groups.google.com/forum/#%21forum/django-announce

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/

security.netapp.com/advisory/ntap-20221124-0001/

www.djangoproject.com/weblog/2022/oct/04/security-releases/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for OSV:BIT-DJANGO-2022-41323