Improper Validation of Specified Quantity in Input
CVE-2023-41164
Summary
In Django 3.2 through 3.2.20, 4.1 through 4.1.10, and 4.2 through 4.2.4, "django.utils.encoding.uri_to_iri()" is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
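- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH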
CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.