Lucene search
K

1912 matches found

Cvelist
Cvelist
added 2023/02/09 12:0 a.m.45 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.6AI score0.01712EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/05 12:0 a.m.30 views

FreeBSD : Django -- multiple vulnerabilities (c49a880d-a5bb-11ed-aab5-080027de9982)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c49a880d-a5bb-11ed-aab5-080027de9982 advisory. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References3
Veracode
Veracode
added 2023/02/03 9:3 p.m.59 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service DoS. The vulnerability exists because transreal.py caches the Accept-Language headers, allowing an attacker to cause an application crash via excessive memory usage if the value of the Accept-Language headers are very large...

7.5CVSS7.4AI score0.47102EPSS
Exploits0References15Affected Software4
RedhatCVE
RedhatCVE
added 2023/02/01 9:37 p.m.26 views

CVE-2023-23969

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5CVSS7.2AI score0.47102EPSS
Exploits0References9
OSV
OSV
added 2023/02/01 9:30 p.m.2 views

GHSA-Q2JF-H9JM-M7P4 Django contains Uncontrolled Resource Consumption via cached header

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

8.7CVSS6.8AI score0.47102EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2023/02/01 9:30 p.m.34 views

Django contains Uncontrolled Resource Consumption via cached header

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS7.4AI score0.47102EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2023/02/01 7:15 p.m.24 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS7.3AI score
Exploits0References7
PyPA
PyPA
added 2023/02/01 7:15 p.m.6 views

PYSEC-2023-12

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/02/01 6:15 p.m.6 views

CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...

7.5CVSS7.1AI score
Exploits0References1
OSV
OSV
added 2023/02/01 6:15 p.m.6 views

CVE-2023-23552

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource...

7.5CVSS7.1AI score0.01545EPSS
Exploits0References1
CVE
CVE
added 2023/02/01 5:56 p.m.62 views

CVE-2023-22664

This CVE concerns F5 BIG-IP: when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, an undisclosed request can cause memory resource utilization to spike, potentially degrading performance or DoS. Affected versions include BIG-IP 17.0.x before 17.0.0.2,...

7.5CVSS7.7AI score0.00626EPSS
Exploits0References1Affected Software12
UbuntuCve
UbuntuCve
added 2023/02/01 10:0 a.m.35 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.3 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.4AI score0.47102EPSS
Exploits0References7
CVE
CVE
added 2023/02/01 12:0 a.m.238 views

CVE-2023-23969

CVE-2023-23969 affects Django: parsing of Accept-Language headers is cached, enabling potential DoS via memory exhaustion if a very large header is received. Affected versions are Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6. Mitigation is to upgrade to fixed releases (3.2.17+...

7.5CVSS7.3AI score0.47102EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.48 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.7AI score0.47102EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2023/02/01 12:0 a.m.49 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS7.5AI score0.47102EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.34 views

Debian dla-3306 : python-django - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3306 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3306-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7AI score0.47102EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/02/01 12:0 a.m.35 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS7AI score0.47102EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.7 views

PT-2023-1350 · Django +6 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.16 Django versions 4.0 through 4.0.8 Django versions 4.1 through 4.1.5 Description: The issue is related to the handling of the Accept-Language header in Django, which can lead to excessive memory usage and a...

9.8CVSS6.2AI score0.87218EPSS
Exploits29References153
Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.8 views

PT-2023-18702 · Ruby +5 · Ruby +5

Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1 Active Support versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...

9.8CVSS6AI score0.04808EPSS
Exploits10References92
Rows per page
Query Builder