4 matches found
Internet Bug Bounty: CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
A potential denial of service vulnerability was discovered in the UsernameField component in Django before versions 4.2.7, 4.1.13, and 3.2.23. The vulnerability allowed a denial of service attack via malformed input containing a large number of Unicode characters. The issue was addressed by...
GHSA-QMF9-6JQF-J8FQ Django potential denial of service vulnerability in UsernameField on Windows
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...
Django potential denial of service vulnerability in UsernameField on Windows
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...
PYSEC-2023-222
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...