
CVE-2023-41164

Django Denial of service vulnerability in django.utils.encoding.uri_to_iri

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 5.3
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Versions: django >= 3.2 < 3.2.21; django >= 4.1 < 4.1.11; django >= 4.2 < 4.2.5
Severity: Medium
Ecosystem: Python
Publish Date: November 3, 2023
Modified Date: February 21, 2025
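
To check a pinned requirements file against the affected ranges listed above, the following added example (not part of the advisory or of Django) flags exact `django==` pins that fall inside them. The function names, the sample requirements text, and the choice to treat a pre-release such as 4.2rc1 as 4.2.0 are assumptions made for this example.

```python
import re

# Affected ranges from this advisory: (first affected release, first fixed release).
AFFECTED = [((3, 2, 0), (3, 2, 21)), ((4, 1, 0), (4, 1, 11)), ((4, 2, 0), (4, 2, 5))]

# Exact pins only, e.g. "Django==4.2.4" or "django[argon2]==4.2.4".
# "django-filter==..." does not match because "==" must follow the name or extras.
PIN_RE = re.compile(r"^\s*django(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)", re.IGNORECASE)
VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(version):
    """Return (major, minor, patch). Assumption: 4.2rc1 is treated as (4, 2, 0)."""
    m = VER_RE.match(version)
    if m is None:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if the version lies in one of the ranges listed in the advisory."""
    release = parse_release(version)
    return any(low <= release < fixed for low, fixed in AFFECTED)


def affected_pins(requirements_text):
    """Return (line number, version) for each affected exact Django pin."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = PIN_RE.match(line)
        if m and is_affected(m.group(1)):
            hits.append((lineno, m.group(1)))
    return hits


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample
requests==2.31.0
Django==4.2.4
django-filter==23.2
"""

if __name__ == "__main__":
    for lineno, version in affected_pins(SAMPLE):
        print(f"line {lineno}: django {version} is in an affected range")
```

Release series that the advisory does not list are reported as not affected, which mirrors the page only and says nothing about their actual status.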