Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)

Description

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Remediation

References

CVE-2023-41164

Related Vulnerabilities

MySQL CVE-2022-21489 Vulnerability (CVE-2022-21489)

Java Unspesificed Vulnerability (CVE-2019-2816)

WordPress Plugin YITH Product Size Charts for WooCommerce Security Bypass (1.1.11)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

Severity

High

Classification

CVE-2023-41164 CWE-1284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H