Lucene search

10 matches found

OSV · added 2023/07/03 3:30 p.m.

GHSA-JH3W-4VVF-MJGR Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

CVSS 8.7 · AI score 7.1 · EPSS 0.08919
Exploits 0 · References 19
OSV · added 2022/05/17 12:48 a.m.

GHSA-Q5QW-4364-5HHM Django Vulnerable to HTTP Response Splitting Attack

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an email message to the EmailValidator, a ...

CVSS 8.7 · AI score 7.2 · EPSS 0.01493
Exploits 0 · References 18
BDU FSTEC · added 2021/10/27 12:00 a.m.

Vulnerability in the URLValidator, validate_ipv4_address and validate_ipv46_address functions of the Django web framework, caused by insufficient input validation, which allows an attacker to compromise data integrity

The vulnerability in the URLValidator, validate_ipv4_address and validate_ipv46_address functions of the Django web framework is caused by the absence of a prohibition on leading zeros in octal literals (IPv4 octets such as 0127, which some resolvers interpret as octal). Exploiting this vulnerability could allow a malicious actor to compromise data...

CVSS 7.5 · EPSS 0.00015
Exploits 0 · References 11 · Affected software 4
OSV · added 2021/05/06 4:15 p.m.

PYSEC-2021-8

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

CVSS 6.1 · AI score 6.8 · EPSS 0.01859
Exploits 0 · References 6
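The four Django entries above (ReDoS through a huge number of domain labels, response splitting through a newline, leading zeros in IPv4 octets, and unchecked newlines and tabs) all come down to what a validator lets through before a value reaches a regular expression, a resolver, or a response header. The following Python is an added example and not Django's own code: a small email and IPv4 validator that applies the checks those advisories imply. The length bounds (320 characters for an address, 253 for a hostname, 63 per label) are RFC-derived assumptions chosen for this example rather than Django's constants, and every sample input is constructed.

```python
import re

# Constructed sample inputs for the demonstration (not taken from the advisories).
CRLF_EMAIL = "victim@example.com\r\nSet-Cookie: admin=1"   # response-splitting attempt
TAB_URL = "https://example.com/\tpath"                    # tab that must not reach a header
OCTAL_IP = "0177.0.0.1"                                   # some resolvers read 0177 as octal 127
MANY_LABELS = "a@" + ".".join(["x"] * 100_000)            # ReDoS-style input: huge label count

# Assumed bounds for this example (derived from RFC 5321 / RFC 1035, not Django's constants).
MAX_EMAIL_LENGTH = 320    # 64-char local part + "@" + 255-char domain
MAX_DOMAIN_LENGTH = 253   # longest hostname that fits the DNS wire limit
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one anchored label, no nesting

HEADER_CONTROL_CHARS = frozenset("\r\n\t\x00")


def contains_header_control_chars(value: str) -> bool:
    """CR, LF, TAB and NUL can split or corrupt an HTTP header; reject them up front
    instead of trusting the response layer to do it."""
    return any(ch in HEADER_CONTROL_CHARS for ch in value)


def is_strict_ipv4(value: str) -> bool:
    """Dotted-quad check that refuses leading zeros. '010.0.0.1' is 10.0.0.1 to a
    decimal parser but 8.0.0.1 to a resolver that treats 010 as octal, so a
    validator that accepts it can be bypassed through that disagreement."""
    octets = value.split(".")
    if len(octets) != 4:
        return False
    for octet in octets:
        if not octet.isdigit() or len(octet) > 3:
            return False
        if len(octet) > 1 and octet[0] == "0":   # leading zero: ambiguous octal
            return False
        if int(octet) > 255:
            return False
    return True


def validate_email(value: str) -> tuple[bool, str]:
    """Return (ok, reason). Cheap gates run before any regex so an attacker cannot
    choose how long the expensive step takes, and the regex is applied per label,
    anchored, with no nested repetition, so there is no catastrophic backtracking."""
    if len(value) > MAX_EMAIL_LENGTH:
        return False, "too long"
    if contains_header_control_chars(value):
        return False, "control character"
    if value.count("@") != 1:
        return False, "malformed"
    local, domain = value.split("@")
    if not local:
        return False, "empty local part"
    if len(domain) > MAX_DOMAIN_LENGTH:
        return False, "domain too long"
    # With the domain capped at 253 characters the label count is bounded (at most 127),
    # so no separate "too many labels" check is needed.
    if not all(LABEL_RE.match(label) for label in domain.split(".")):
        return False, "bad label"
    return True, "ok"


if __name__ == "__main__":
    for sample in ("alice@example.com", CRLF_EMAIL, MANY_LABELS):
        print(repr(sample[:40]), validate_email(sample))
    for ip in ("10.0.0.1", OCTAL_IP, "256.1.1.1"):
        print(ip, is_strict_ipv4(ip))
    print(repr(TAB_URL), contains_header_control_chars(TAB_URL))
```

The order of the checks is the point: the length gate and the control-character scan are linear in the input and run first, so the 100,000-label address is rejected before any regex sees it, and the CRLF address is rejected before it could be echoed into a header. The per-label regex is cheap by construction; the risk in the original advisories came from one expression over the whole domain.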
Positive Technologies · added 2019/02/01 12:00 a.m.

PT-2019-8300 · Pylons · Pylons Colander

Name of the vulnerable software and affected versions: Pylons Colander versions prior to 1.7. Description: the issue allows an attacker to cause a denial of service via an unclosed parenthesis passed to the URL validator, which can lead to an infinite loop. Recommendations: for versions prior...

CVSS 8.7 · AI score 7.1 · EPSS 0.00127
Exploits 1 · References 15
BDU FSTEC · added 2016/07/19 12:00 a.m.

Vulnerability in the Apache Struts framework that allows a remote attacker to cause a denial of service

The vulnerability in the URLValidator class of the Apache Struts framework is caused by insufficient validation of input data. Exploiting it allows a remote attacker to cause a denial of service by supplying a null value in the URL field...

CVSS 5 · AI score 6.2 · EPSS 0.10357
Exploits 0 · References 5 · Affected software 1
CNVD · added 2016/06/16 12:00 a.m.

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)

Apache Struts is an open-source project maintained by the Apache Software Foundation in the United States. It is an open-source MVC framework for building enterprise-grade Java web applications and is provided in two main product lines, Struts 1 and Struts 2...

CVSS 5.3 · AI score 9.1 · EPSS 0.10357
Exploits 0 · References 1
OSV · added 2015/07/14 5:59 p.m.

DEBIAN-CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an email message to the EmailValidator, a ...

CVSS 4.3 · AI score 7.1 · EPSS 0.01493
Exploits 0 · References 1
PyPA · added 2015/07/14 5:59 p.m.

PYSEC-2015-10

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an email message to the EmailValidator, a ...

CVSS 4.3 · AI score 7.1 · EPSS 0.01493
Exploits 0 · References 10 · Affected software 1
OSV · added 2015/07/14 5:59 p.m.

PYSEC-2015-10

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an email message to the EmailValidator, a ...

CVSS 4.3 · AI score 7.2 · EPSS 0.01493
Exploits 0 · References 10