Lucene search
+L

332 matches found

OSV
OSV
added 2023/02/01 12:59 p.m.6 views

USN-5837-1 python-django vulnerability

Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/01 10:0 a.m.35 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References4
OSV
OSV
added 2023/02/01 10:0 a.m.3 views

UBUNTU-CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.51 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.7AI score0.47102EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.18 views

Django 安全漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system and so on. A security vulnerability exists in Django version 3.2 up to and including version 3.2.17, version...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2023/02/01 12:0 a.m.78 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS7AI score0.47102EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.3 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.4AI score0.47102EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.17 views

Ubuntu 16.04 ESM : Django vulnerability (USN-5837-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5837-2 advisory. USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

7.5CVSS7AI score0.47102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.7 views

PT-2023-1350

Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.16 Django versions 4.0 through 4.0.8 Django versions 4.1 through 4.1.5 Description The issue is related to the handling of the Accept-Language header in Django, which can lead to excessive memory usage and a...

8.7CVSS6.7AI score0.47102EPSS
Exploits0References173
FreeBSD
FreeBSD
added 2023/02/01 12:0 a.m.32 views

Django -- multiple vulnerabilities

Django reports: CVE-2023-23969: Potential denial-of-service via Accept-Language headers...

7.5CVSS7.7AI score0.47102EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/15 1:20 p.m.5 views

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

7.5CVSS7.1AI score0.02297EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/10/25 9:7 a.m.5 views

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

7.5CVSS7.1AI score0.02297EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/10/25 9:7 a.m.8 views

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

7.5CVSS7.3AI score0.01674EPSS
Exploits1References4
OSV
OSV
added 2022/10/14 7:0 p.m.37 views

GHSA-69CH-W2M2-3VJP golang.org/x/text/language Denial of service via crafted Accept-Language header

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten t...

7.5CVSS7.6AI score0.01428EPSS
Exploits0References9
NVD
NVD
added 2022/10/14 3:15 p.m.26 views

CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS0.01428EPSS
Exploits0References5
OSV
OSV
added 2022/10/14 3:15 p.m.7 views

AZL-33583 CVE-2022-32149 affecting package gh for versions less than 2.13.0-22

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.7AI score0.01428EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 3:15 p.m.7 views

AZL-33608 CVE-2022-32149 affecting package libcontainers-common for versions less than 20210626-6

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.7AI score0.01428EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 3:15 p.m.4 views

DEBIAN-CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.9AI score0.01428EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 3:15 p.m.12 views

AZL-39609 CVE-2022-32149 affecting package cri-o for versions less than 1.22.3-8

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.9AI score0.01428EPSS
Exploits0References1
OSV
OSV
added 2022/10/14 3:15 p.m.10 views

AZL-33628 CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.7AI score0.01428EPSS
Exploits0References1
Rows per page
Query Builder