View all vulnerabilities

CVE-2023-36053

Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, `EmailValidator` and `URLValidator` are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
django >= 3.2a1 < 3.2.20; django >= 4.0a1 < 4.1.10; django >= 4.2a1 < 4.2.3
Severity
High
Ecosystem
Python
Publish Date
July 3, 2023
Modified Date
February 21, 2025