Lucene search
K

68 matches found

OSV
OSV
added 2024/08/07 3:30 p.m.6 views

GHSA-R836-HH6V-RG5G Django vulnerable to denial-of-service attack

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

6.9CVSS6.7AI score0.00954EPSS
Exploits0References9
OSV
OSV
added 2024/08/07 3:15 p.m.4 views

PYSEC-2024-69

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

7.5CVSS6.7AI score0.00954EPSS
Exploits0References4
PyPA
PyPA
added 2024/08/07 3:15 p.m.9 views

PYSEC-2024-69

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

7.5CVSS7AI score0.00954EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/06 4:21 p.m.6 views

USN-6946-1 python-django vulnerabilities

It was discovered that Django incorrectly handled certain strings in floatformat function. An attacker could possibly use this issue to cause a memory exhaustion. CVE-2024-41989 It was discovered that Django incorrectly handled very large inputs. An attacker could possibly use this issue to cause...

9.8CVSS6.8AI score0.01258EPSS
Exploits0References5
OSV
OSV
added 2024/08/06 1:0 p.m.2 views

UBUNTU-CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

7.5CVSS6.8AI score0.00954EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

Django 安全漏洞

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 5.0 through 5.0.8 and 4.2 throug...

7.5CVSS6.5AI score0.00954EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.8 views

PT-2024-6155

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description The issue is related to a potential denial-of-service attack in Django, specifically affecting the urlize and urlizetrunc template filters, and the...

7.8CVSS6.6AI score0.00954EPSS
Exploits0References155
RedHat Linux
RedHat Linux
added 2024/04/18 1:56 a.m.3 views

python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``

An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service...

7.5CVSS7.1AI score0.01284EPSS
Exploits0References5
OSV
OSV
added 2023/11/02 6:30 a.m.2 views

GHSA-QMF9-6JQF-J8FQ Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...

8.7CVSS7.1AI score0.49774EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/10/16 3:39 p.m.3 views

python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``

An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service...

7.5CVSS7.1AI score0.01284EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/10/16 1:5 a.m.6 views

python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``

An uncontrolled resource consumption vulnerability was found in Django. Feeding certain inputs with a very large number of Unicode characters to the URI to IRI encoder function can lead to a denial of service...

7.5CVSS7.1AI score0.01284EPSS
Exploits0References5
OSV
OSV
added 2023/09/04 11:0 a.m.6 views

UBUNTU-CVE-2023-41164

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uritoiri is subject to a potential DoS denial of service attack via certain inputs with a very large number of Unicode characters...

7.5CVSS6.8AI score0.01284EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/02/22 12:0 a.m.5 views

markdown-it-py 安全漏洞

markdown-it-py is a Markdown parser open-sourced by Executable Books. A security vulnerability exists in markdown-it-py versions prior to v2.2.0, which stems from a denial of service that may result if an attacker is allowed to use invalid UTF-8 characters as input...

5.5CVSS5.7AI score0.00225EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1666

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

6.8CVSS7.8AI score0.01665EPSS
Exploits1References2
OSV
OSV
added 2022/05/17 5:49 a.m.34 views

GHSA-CQMH-MPX2-G633 Improper Restriction of Operations within the Bounds of a Memory Buffer in python-cjson

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

6.9CVSS7AI score0.01665EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/17 5:49 a.m.21 views

Improper Restriction of Operations within the Bounds of a Memory Buffer in python-cjson

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

6.8CVSS7AI score0.01665EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.3 views

ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string

The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/09/30 7:6 p.m.6 views

ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string

The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/09/30 4:59 p.m.2 views

ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string

The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00461EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/09/06 3:4 p.m.31 views

CVE-2021-33286

The ntfs3g package is susceptible to a heap overflow on crafted unicode input. When processing NTFS unicode input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00461EPSS
Exploits0References4
Rows per page
Query Builder