Improper Validation of Specified Quantity in Input

CVE-2023-41164

Severity High
Score 7.5/10

Summary

In Django 3.2 through 3.2.20, 4.1 through 4.1.10, and 4.2 through 4.2.4, "django.utils.encoding.uri_to_iri()" is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

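  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH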

CWE-1284 - Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Advisory Timeline

  • Published