332 matches found
USN-5837-1 python-django vulnerability
Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
UBUNTU-CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
Django 安全漏洞
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system and so on. A security vulnerability exists in Django version 3.2 up to and including version 3.2.17, version...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
Ubuntu 16.04 ESM : Django vulnerability (USN-5837-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5837-2 advisory. USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...
PT-2023-1350
Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.16 Django versions 4.0 through 4.0.8 Django versions 4.1 through 4.1.5 Description The issue is related to the handling of the Accept-Language header in Django, which can lead to excessive memory usage and a...
Django -- multiple vulnerabilities
Django reports: CVE-2023-23969: Potential denial-of-service via Accept-Language headers...
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...
GHSA-69CH-W2M2-3VJP golang.org/x/text/language Denial of service via crafted Accept-Language header
The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten t...
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33583 CVE-2022-32149 affecting package gh for versions less than 2.13.0-22
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33608 CVE-2022-32149 affecting package libcontainers-common for versions less than 20210626-6
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
DEBIAN-CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-39609 CVE-2022-32149 affecting package cri-o for versions less than 1.22.3-8
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33628 CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...