An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14.
get_supported_language_variant() was subject to a potential
denial-of-service attack when used with very long strings containing
specific characters.

Author | Note |
---|---|
alexmurray | Upstream advises that only versions 4.2, 5.0 and 5.1 (plus the main development branch) are affected, but it is likely earlier versions may also be affected; upstream do not mention this as they are no longer maintained by them. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-django | < 1:1.11.11-1ubuntu1.21+esm5 | UNKNOWN |
ubuntu | 20.04 | noarch | python-django | < 2:2.2.12-1ubuntu0.23 | UNKNOWN |
ubuntu | 22.04 | noarch | python-django | < 2:3.2.12-2ubuntu1.12 | UNKNOWN |
ubuntu | 23.10 | noarch | python-django | < 3:4.2.4-1ubuntu2.3 | UNKNOWN |
ubuntu | 24.04 | noarch | python-django | < 3:4.2.11-1ubuntu1.1 | UNKNOWN |
ubuntu | 14.04 | noarch | python-django | < any | UNKNOWN |
ubuntu | 16.04 | noarch | python-django | < any | UNKNOWN |