Vulnerability CVE-2022-41323: Information

Description

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-41323
Published: Oct. 16, 2022
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
python3-module-djangosisyphus3.2.16-alt14.2.11-alt1ALT-PU-2022-2753-1308239Fixed
python3-module-djangosisyphus_e2k3.2.16-alt14.2.11-alt1ALT-PU-2022-6588-1-Fixed
python3-module-djangosisyphus_riscv643.2.16-alt14.2.11-alt1ALT-PU-2022-6501-1-Fixed
python3-module-djangop103.2.16-alt13.2.23-alt1ALT-PU-2022-2836-1308240Fixed
python3-module-djangop10_e2k3.2.16-alt13.2.23-alt1ALT-PU-2022-6537-1-Fixed
python3-module-djangoc10f13.2.16-alt13.2.25-alt1ALT-PU-2022-2836-1308240Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://docs.djangoproject.com/en/4.0/releases/security/
  • Release Notes
  • Vendor Advisory
https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
  • Patch
  • Third Party Advisory
https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20221124-0001/
  • Third Party Advisory
https://groups.google.com/forum/#%21forum/django-announce
    FEDORA-2023-3d775d93be
      FEDORA-2023-bde7913e5a
        FEDORA-2023-a74513bda8
          FEDORA-2023-8fed428c5e
            FEDORA-2023-a53ab7c969

                1. Configuration 1

                  cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
                  Start including
                  3.2
                  End excliding
                  3.2.16
                  cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
                  Start including
                  4.1
                  End excliding
                  4.1.2
                  cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
                  Start including
                  4.0
                  End excliding
                  4.0.8
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.4.2
              Back to top