ReDoS Vulnerability in Django Email and URL Validators from Django Software
CVE-2023-36053

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 3 July 2023

What is CVE-2023-36053?

Django versions prior to 3.2.20, 4.1.10, and 4.2.3 are susceptible to a Regular Expression Denial of Service (ReDoS) due to the EmailValidator and URLValidator. Attackers can exploit this vulnerability by crafting inputs with excessive domain name labels in emails and URLs, leading to significant processing delays, server resource exhaustion, and potential service unavailability. Users are urged to apply the latest security updates to mitigate this risk.

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.2/releases/security/

https://www.djangoproject.com/weblog/2023/jul/03/security...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Jun 20, 2023

Djangoproject

What is CVE-2023-36053?

References

CVSS V3.1

Timeline