Denial of Service Vulnerability in Django Authentication Forms
CVE-2023-46695

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 2 November 2023

🔔 Create Djangoproject Vulnerability Alert

What is CVE-2023-46695?

A vulnerability exists in Django's authentication system where the NFKC normalization process is inefficient on Windows platforms. This inefficiency can lead to a Denial of Service (DoS) scenario if the django.contrib.auth.forms.UsernameField processes inputs containing an excessive number of Unicode characters. Attackers may exploit this flaw, causing a slowdown or crash of the application.

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.2/releases/security/

https://www.djangoproject.com/weblog/2023/nov/01/security...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Oct 25, 2023

JSON