.avif)
View all vulnerabilities
CVE-2023-46695
Django potential denial of service vulnerability in UsernameField on Windows
Description
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
django >= 3.2a1 < 3.2.23; django >= 4.1a1 < 4.1.13; django >= 4.2a1 < 4.2.7
Severity
High
High
High
Ecosystem
Python
Publish Date
November 2, 2023
Modified Date
September 20, 2024