Denial-of-Service Vulnerability in Django by the Django Software Foundation
CVE-2021-45115

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 5 January 2022

What is CVE-2021-45115?

A vulnerability has been identified in Django versions prior to 2.2.26, 3.2.11, and 4.0.1, affecting the UserAttributeSimilarityValidator (the password validator that rejects passwords too similar to a user's attributes, such as the username or email address). The validator incurs significant overhead when it evaluates a submitted password that is excessively large relative to the attribute values it is compared against. In environments where user registration is unrestricted, an attacker could submit such large passwords without authenticating, potentially leading to a denial-of-service condition.
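The following is an added illustration (not the page's description nor Django's own code) of the kind of guard that removes the overhead described above: before running the comparatively expensive sequence comparison, it checks whether the attribute value is so short relative to the password that the similarity ratio could not reach the threshold at all, and skips the comparison in that case. The threshold `MAX_SIMILARITY`, the attribute names and the sample values are all assumptions constructed for the example; the bound is derived from how `difflib.SequenceMatcher.ratio()` is defined and is not the exact check used upstream. The remediation for the CVE itself is to upgrade to a fixed Django release.

```python
import re
from difflib import SequenceMatcher

# Assumed threshold for this example (Django exposes a configurable max_similarity).
MAX_SIMILARITY = 0.7


def exceeds_length_ratio(password: str, value: str, max_similarity: float = MAX_SIMILARITY) -> bool:
    """Return True when the comparison can be skipped safely.

    SequenceMatcher.ratio() is 2*M / (len(a) + len(b)), where M (matched
    characters) can never exceed len(b) for the shorter string b. So if
        2 * len(value) < max_similarity * (len(password) + len(value))
    the ratio cannot reach max_similarity regardless of content, and the
    expensive comparison against a very long password is pointless.
    """
    pwd_len, value_len = len(password), len(value)
    return 2 * value_len < max_similarity * (pwd_len + value_len)


def similar_to_attributes(password: str, attributes: dict, max_similarity: float = MAX_SIMILARITY):
    """Return the name of the first attribute the password is too similar to, or None.

    Mirrors the shape of an attribute-similarity check: each attribute value is
    split on non-word characters, and every part (plus the whole value) is
    compared against the lowercased password. The length guard runs first.
    """
    password_lower = password.lower()
    for name, value in attributes.items():
        if not value or not isinstance(value, str):
            continue
        value_lower = value.lower()
        parts = re.split(r"\W+", value_lower) + [value_lower]
        for part in parts:
            if not part:
                continue
            if exceeds_length_ratio(password_lower, part, max_similarity):
                continue  # bounded out: cannot reach the threshold, skip the costly step
            matcher = SequenceMatcher(a=password_lower, b=part)
            # quick_ratio() is a cheap upper bound; only confirm with ratio() when it passes.
            if matcher.quick_ratio() >= max_similarity and matcher.ratio() >= max_similarity:
                return name
    return None


# Constructed sample user attributes for the example.
SAMPLE_ATTRIBUTES = {
    "username": "alicesmith",
    "email": "a.smith@example.com",
    "first_name": "Alice",
}

if __name__ == "__main__":
    print(similar_to_attributes("alicesmith99", SAMPLE_ATTRIBUTES))            # username
    print(similar_to_attributes("correct horse battery staple", SAMPLE_ATTRIBUTES))  # None
    # An oversized submission is rejected by the bound before any comparison runs.
    print(similar_to_attributes("x" * 100_000, SAMPLE_ATTRIBUTES))             # None
```

The guard never changes the validator's verdict: any pair it skips is one whose ratio provably falls below the threshold, so the only effect is that very long passwords no longer drive the comparison cost. Measuring the validator with and without the guard on an oversized input is a straightforward way to confirm a deployment is no longer exposed to this overhead.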

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
