1885 matches found

OSV
added 2023/02/01 7:15 p.m. · 22 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 7

PyPA
added 2023/02/01 7:15 p.m. · 5 views

PYSEC-2023-12

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

CVSS 7.5 · AI score 6.8 · EPSS 0.05085
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/02/01 6:15 p.m. · 3 views

CVE-2023-23552

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource...

CVSS 7.5 · AI score 7.1 · EPSS 0.63342
Exploits 0 · References 1

OSV
added 2023/02/01 6:15 p.m. · 3 views

CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 1

CVE
added 2023/02/01 5:56 p.m. · 58 views

CVE-2023-22664

This CVE concerns F5 BIG-IP: when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, an undisclosed request can cause memory resource utilization to spike, potentially degrading performance or causing a DoS. Affected versions include BIG-IP 17.0.x before 17.0.0.2,...

CVSS 7.5 · AI score 7.7 · EPSS 0.00891
Exploits 0 · References 1 · Affected Software 12

UbuntuCve
added 2023/02/01 10:00 a.m. · 27 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

CVSS 7.5 · AI score 6.8 · EPSS 0.05085
Exploits 0 · References 4

CVE
added 2023/02/01 12:00 a.m. · 232 views

CVE-2023-23969

CVE-2023-23969 affects Django: parsing of Accept-Language headers is cached, enabling potential DoS via memory exhaustion if a very large header is received. Affected versions are Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6. Mitigation is to upgrade to fixed releases (3.2.17+...

CVSS 7.5 · AI score 7.3 · EPSS 0.05085
Exploits 0 · References 7 · Affected Software 1

Vulnrichment
added 2023/02/01 12:00 a.m. · 3 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

AI score 7.4 · EPSS 0.05085
Exploits 0 · References 7

Debian CVE
added 2023/02/01 12:00 a.m. · 34 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

CVSS 7.5 · AI score 7 · EPSS 0.05085
Exploits 0

Positive Technologies
added 2023/02/01 12:00 a.m. · 6 views

PT-2023-1350 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.16; Django versions 4.0 through 4.0.8; Django versions 4.1 through 4.1.5. Description: The issue is related to the handling of the Accept-Language header in Django, which can lead to excessive memory usage and a...

CVSS 9.8 · AI score 6.2 · EPSS 0.92834
Exploits 30 · References 153

AlpineLinux
added 2023/02/01 12:00 a.m. · 48 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

CVSS 7.5 · AI score 7.5 · EPSS 0.05085
Exploits 0

Cvelist
added 2023/02/01 12:00 a.m. · 42 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

AI score 7.7 · EPSS 0.05085
Exploits 0 · References 7

Tenable Nessus
added 2023/02/01 12:00 a.m. · 34 views

Debian dla-3306 : python-django - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3306 advisory. Debian LTS Advisory DLA-3306-1 https://www.debian.org/lts/security/...

CVSS 7.5 · AI score 7 · EPSS 0.05085
Exploits 0 · References 4

Positive Technologies
added 2023/01/18 12:00 a.m. · 5 views

PT-2023-18702 · Ruby +5

Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1; Active Support versions prior to 7.0.4.1. Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...

CVSS 9.8 · AI score 6 · EPSS 0.28611
Exploits 10 · References 92

Github Security Blog
added 2022/12/28 12:30 a.m. · 41 views

yaml package for Go can consume excessive amounts of CPU or memory

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

CVSS 7.5 · AI score 7.6 · EPSS 0.02514
Exploits 0 · References 12 · Affected Software 1

OSV
added 2022/12/27 10:15 p.m. · 0 views

DEBIAN-CVE-2022-3064

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

CVSS 7.5 · AI score 6.3 · EPSS 0.02514
Exploits 0 · References 1

Prion
added 2022/12/27 10:15 p.m. · 33 views

Design/Logic Flaw

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

CVSS 5 · AI score 7.4 · EPSS 0.02514
Exploits 0 · References 10 · Affected Software 1

Vulnrichment
added 2022/12/27 9:17 p.m. · 2 views

CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

AI score 7.8 · EPSS 0.02514
Exploits 0 · References 10

CNNVD
added 2022/12/27 12:00 a.m. · 1 views

Go-Yaml resource management error vulnerability

Go-Yaml provides YAML support for the Go language. It enables Go programs to easily encode and decode YAML values. A security vulnerability exists in Go-Yaml, which stems from the fact that parsing malicious or large YAML documents may consume too much CPU or memory...

CVSS 7.5 · AI score 6.5 · EPSS 0.02514
Exploits 0 · References 16

Prion
added 2022/12/15 7:15 p.m. · 20 views

Stack overflow

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 5 · AI score 8.2 · EPSS 0.00083
Exploits 0 · References 1 · Affected Software 1