Lucene search
PRIOn knowledge basePRION:CVE-2023-23969HistoryFeb 01, 2023 - 7:15 p.m.
Code injection
2023-02-0119:15:00
PRIOn knowledge base
www.prio-n.com
6
django
code injection
security issue
denial-of-service
accept-language headers
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
References
docs.djangoproject.com/en/4.1/releases/security/
groups.google.com/forum/
lists.debian.org/debian-lts-announce/2023/02/msg00000.html
lists.fedoraproject.org/archives/list/[email protected]/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
lists.fedoraproject.org/archives/list/[email protected]/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
security.netapp.com/advisory/ntap-20230302-0007/
www.djangoproject.com/weblog/2023/feb/01/security-releases/
Related
nessus
nessus
FreeBSD : Django -- multiple vulnerabilities (c49a880d-a5bb-11ed-aab5-080027de9982)
2023-02-05 00:00:00
Debian DLA-3306-1 : python-django - LTS security update
2023-02-01 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Django vulnerability (USN-5837-1)
2023-02-01 00:00:00
freebsd
freebsd
Django -- multiple vulnerabilities
2023-02-01 00:00:00
osv
osv
CVE-2023-23969
2023-02-01 19:15:08
python-django vulnerability
2023-02-01 15:22:08
python-django - security update
2023-02-01 00:00:00
debian
debian
[SECURITY] [DLA 3306-1] python-django security update
2023-02-01 22:00:04
[SECURITY] [DSA 5465-1] python-django security update
2023-08-03 20:45:41
cve
cve
CVE-2023-23969
2023-02-01 19:15:08
redhatcve
redhatcve
CVE-2023-23969
2023-02-01 21:37:28
ubuntucve
ubuntucve
CVE-2023-23969
2023-02-01 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3306-1)
2023-02-02 00:00:00
github
github
Django contains Uncontrolled Resource Consumption via cached header
2023-02-01 21:30:23
cvelist
cvelist
CVE-2023-23969
2023-02-01 00:00:00
nvd
nvd
CVE-2023-23969
2023-02-01 19:15:08
ubuntu
ubuntu
Django vulnerability
2023-02-01 00:00:00
Django vulnerability
2023-02-01 00:00:00
debiancve
debiancve
CVE-2023-23969
2023-02-01 19:15:08
veracode
veracode
Denial Of Service (DoS)
2023-02-03 21:03:14
alpinelinux
alpinelinux
CVE-2023-23969
2023-02-01 19:15:08
altlinux
altlinux
mageia
mageia
Updated python-django packages fix security vulnerability
2023-02-07 03:06:39
redhat
redhat
(RHSA-2023:2101) Moderate: RHUI 4.4.0 release - Security Fixes, Bug Fixes, and Enhancements Update
2023-05-03 14:52:25
(RHSA-2023:2097) Important: Satellite 6.13 Release
2023-05-03 13:09:51
fedora
fedora
[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38
2023-04-28 02:37:47
[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37
2023-04-28 02:04:16
ibm
ibm
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58