View all vulnerabilities

CVE-2023-46695

Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
django >= 3.2a1 < 3.2.23; django >= 4.1a1 < 4.1.13; django >= 4.2a1 < 4.2.7
Severity
High
Ecosystem
Python
Publish Date
November 2, 2023
Modified Date
September 20, 2024