Description

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Remediation

References

CVE-2023-41164

Related Vulnerabilities

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

WordPress Plugin Media.net Ads Manager Arbitrary File Upload (2.10.13)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2163)

Joomla Improper Certificate Validation Vulnerability (CVE-2017-11364)

TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)

Severity

High

Classification

CVE-2023-41164 CWE-1284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities