Lucene search

K

Veracode Vulnerability DatabaseVERACODE:41130

HistoryJul 06, 2023 - 8:46 a.m.

Regular Expression Denial Of Service (ReDoS)

2023-07-0608:46:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.9%

django is vulnerable to Regular Expression Denial of Service (ReDoS). A remote attacker is able to cause denial of service conditions through the EmailValidator or URLValidator functions via submitting a large number of domain name labels of emails and URLs.

CPENameOperatorVersion
djangole4.2.2
djangole3.2.19
djangole4.1.9
python-django:bustereq1:1.11.29-1~deb10u1
python-djangoeq3.2.15__2.el9ap
python-djangoeq3.2.13__4.el9pc
python-djangoeq2.2.24__4.el9ost
python-djangoeq3.2.16__1.el9ap
python-djangoeq3.2.18__1.el9ap
python3x-djangoeq3.2.15__2.el8ap

Rows per page:

1-10 of 1401

References

docs.djangoproject.com/en/4.2/releases/security/

github.com/advisories/GHSA-jh3w-4vvf-mjgr

github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582

github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9

github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d

groups.google.com/forum/#!forum/django-announce

groups.google.com/forum/#%21forum/django-announce

lists.debian.org/debian-lts-announce/2023/07/msg00022.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/

lists.fedoraproject.org/archives/list/[email protected]/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/

lists.fedoraproject.org/archives/list/[email protected]/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/

www.debian.org/security/2023/dsa-5465

www.djangoproject.com/weblog/2023/jul/03/security-releases/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.9%

Related for VERACODE:41130

openvas14 freebsd1 osv8 ubuntucve1 github1 prion1 nessus19 redhatcve1 redhat6 debian2 ubuntu2 mageia1 redos1 debiancve1 cve1 cvelist1 fedora5 ibm1 rocky1