Vulnerability CVE-2023-46695: Information
Description
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| python3-module-django | sisyphus | 4.2.8-alt1 | 4.2.11-alt1 | ALT-PU-2023-8342-2 | 337270 | Fixed |
| python3-module-django | sisyphus_e2k | 4.2.8-alt1 | 4.2.11-alt1 | ALT-PU-2023-8358-1 | - | Fixed |
| python3-module-django | sisyphus_riscv64 | 4.2.8-alt1 | 4.2.11-alt1 | ALT-PU-2023-8350-1 | - | Fixed |
| python3-module-django | sisyphus_loongarch64 | 4.2.8-alt1 | 4.2.11-alt1 | ALT-PU-2023-8366-1 | - | Fixed |
| python3-module-django | p10 | 3.2.23-alt1 | 3.2.23-alt1 | ALT-PU-2023-8343-3 | 337271 | Fixed |
| python3-module-django | p10_e2k | 3.2.23-alt1 | 3.2.23-alt1 | ALT-PU-2023-8385-1 | - | Fixed |
| python3-module-django | c10f1 | 3.2.25-alt1 | 3.2.25-alt1 | ALT-PU-2024-3676-2 | 342286 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://docs.djangoproject.com/en/4.2/releases/security/ |
|
| https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ |
|
| https://groups.google.com/forum/#%21forum/django-announce |
|
| https://security.netapp.com/advisory/ntap-20231214-0001/ |