Denial-of-Service Vulnerability in Django Web Framework
CVE-2023-23969

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 1 February 2023

🔔 Create Djangoproject Vulnerability Alert

What is CVE-2023-23969?

Certain versions of the Django web framework, specifically 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, exhibit a vulnerability due to the caching of parsed Accept-Language headers. This caching mechanism is intended to enhance performance by avoiding repetitive parsing. However, when excessively large raw values are provided within the Accept-Language headers, it can lead to significant memory consumption. Such a scenario poses a risk of Denial-of-Service, as it might exhaust server resources, potentially impacting application availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.1/releases/security/

https://www.djangoproject.com/weblog/2023/feb/01/security...

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 20, 2023

JSON

Djangoproject

What is CVE-2023-23969?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.