Django potential denial of service vulnerability in UsernameField on Windows

🗓️ 02 Nov 2023 06:30:25Reported by GitHub Advisory DatabaseType

Django potential denial of service vulnerability in UsernameField on Windows. NFKC normalization slow, leading to potential DoS attac

Reporter	Title	Published	Views	Family All 30
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.5 fixes multiple security vulnerabilities	26 Mar 202503:58	–	ibm
ATTACKERKB	CVE-2023-46695	2 Nov 202306:15	–	attackerkb
Circl	CVE-2023-46695	2 Nov 202311:22	–	circl
CNNVD	Django Security Vulnerabilities	1 Nov 202300:00	–	cnnvd
CVE	CVE-2023-46695	2 Nov 202300:00	–	cve
Cvelist	CVE-2023-46695	2 Nov 202300:00	–	cvelist
Debian CVE	CVE-2023-46695	2 Nov 202300:00	–	debiancve
Hacker One	Internet Bug Bounty: CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows	20 Nov 202321:26	–	hackerone
NVD	CVE-2023-46695	2 Nov 202306:15	–	nvd
OpenVAS	Django < 3.2.23, 4.1.x < 4.1.13, 4.2.x < 4.2.7 DoS Vulnerability - Windows	7 Nov 202300:00	–	openvas

Vulners

Node

django_project djangoRange4.2a1–4.2.7pip

django_project djangoRange4.1a1–4.1.13pip

django_project djangoRange3.2a1–3.2.23pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-46695
groups	www.groups.google.com/forum/
github	www.github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
github	www.github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
github	www.github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
github	www.github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
groups	www.groups.google.com/forum/
docs	www.docs.djangoproject.com/en/4.2/releases/security
security	www.security.netapp.com/advisory/ntap-20231214-0001
djangoproject	www.djangoproject.com/weblog/2023/nov/01/security-releases

20 Sep 2024 16:05Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.03582