Denial of Service Vulnerability in Django
CVE-2022-41323

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 16 October 2022

What is CVE-2022-41323?

The vulnerability in Django allows an attacker to exploit internationalized URLs through the locale parameter, which is processed as a regular expression. This may lead to a denial of service condition, affecting the availability of the application. The issue is present in Django versions 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, allowing unauthorized requests to overwhelm server resources and disrupt user access.

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.0/releases/security/

https://www.djangoproject.com/weblog/2022/oct/04/security...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2022
Vulnerability Reserved
Sep 23, 2022

Djangoproject

What is CVE-2022-41323?

References

EPSS Score

CVSS V3.1

Timeline