CVE-2023-36053

EPSS 4.8%
Veröffentlicht 03.07.2023 13:15:09
Zuletzt bearbeitet 21.11.2024 08:09:14
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Djangoproject ≫ Django Version >= 3.2 < 3.2.20

Djangoproject ≫ Django Version >= 4.0 < 4.1.10

Djangoproject ≫ Django Version >= 4.2 < 4.2.3

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.8%	0.89

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://groups.google.com/forum/#%21forum/django-announce

Permissions Required

https://docs.djangoproject.com/en/4.2/releases/security/

Release Notes

https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/

Third Party Advisory

Mailing List