CVE-2023-23969

Django contains Uncontrolled Resource Consumption via cached header

Description

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Python

Publish Date

February 1, 2023

Modified Date

December 5, 2023

Score Vector

Affected Versions