Denial of Service Vulnerability in Django
CVE-2022-41323

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 16 October 2022

🔔 Create Djangoproject Vulnerability Alert

What is CVE-2022-41323?

The vulnerability in Django allows an attacker to exploit internationalized URLs through the locale parameter, which is processed as a regular expression. This may lead to a denial of service condition, affecting the availability of the application. The issue is present in Django versions 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, allowing unauthorized requests to overwhelm server resources and disrupt user access.

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.0/releases/security/

https://www.djangoproject.com/weblog/2022/oct/04/security...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2022
Vulnerability Reserved
Sep 23, 2022

JSON