CVE-2023-43665
- EPSS 1.24%
- Veröffentlicht 03.11.2023 05:15:30
- Zuletzt bearbeitet 04.11.2025 18:15:41
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, ...
CVE-2023-41164
- EPSS 1.28%
- Veröffentlicht 03.11.2023 05:15:29
- Zuletzt bearbeitet 04.11.2025 18:15:41
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
CVE-2023-46695
- EPSS 49.77%
- Veröffentlicht 02.11.2023 06:15:08
- Zuletzt bearbeitet 21.11.2024 08:29:05
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attac...
CVE-2023-36053
- EPSS 2.98%
- Veröffentlicht 03.07.2023 13:15:09
- Zuletzt bearbeitet 04.11.2025 18:15:40
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
CVE-2023-31047
- EPSS 1.38%
- Veröffentlicht 07.05.2023 02:15:08
- Zuletzt bearbeitet 29.01.2025 16:15:42
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only t...
CVE-2023-24580
- EPSS 62.58%
- Veröffentlicht 15.02.2023 01:15:10
- Zuletzt bearbeitet 18.03.2025 20:15:18
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory...
CVE-2023-23969
- EPSS 47.1%
- Veröffentlicht 01.02.2023 19:15:08
- Zuletzt bearbeitet 27.03.2025 15:15:45
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the ra...
CVE-2022-41323
- EPSS 2.72%
- Veröffentlicht 16.10.2022 06:15:09
- Zuletzt bearbeitet 14.05.2025 15:15:49
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
CVE-2022-36359
- EPSS 0.66%
- Veröffentlicht 03.08.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:12:51
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filena...
CVE-2022-34265
- EPSS 73.27%
- Veröffentlicht 04.07.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 07:09:10
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and...