CVE-2022-41323

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41323

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41323.json

Aliases

BIT-django-2022-41323
GHSA-qrw5-5h28-6cmg
PYSEC-2022-304

Related

DSA-5254-1
RLSA-2023:2097
USN-5653-1

Published

2022-10-16T06:15:09Z

Modified

2023-12-06T01:02:36.260330Z

Details

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

References

https://docs.djangoproject.com/en/4.0/releases/security/
https://security.netapp.com/advisory/ntap-20221124-0001/
https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/

Affected packages

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Fixed

5b6b257fa7ec37ff27965358800c67e2dd11c924

Introduced

b6475d7d7940f3ce575e0b0f2d83e517f899b4cf

Introduced

c8eb9a7c451f7935a9eaafbb195acf2aa9fa867d

Introduced

67d0c4644acfd7707be4a31e8976f865509b09ac

Affected versions

3.*

3.2

3.2.1

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.2.15

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9