CVE-2019-14235

Published: 02/08/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Vulnerable Product

djangoproject django

opensuse leap 15.1

Vendor Advisories

Synopsis: Moderate: python-django security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-django is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: python-django security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-django is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Debian Bug report logs - #934026 python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: "Chris ...
Several security issues were fixed in Django ...
Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection. For the oldstable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u6. For the stable distribution (buster), these problems have been fixed in version 1.11.23-1~deb10u1 ...
If passed certain inputs, django.utils.encoding.uri_to_iri() could lead to significant memory usage due to excessive recursion when re-percent encoding invalid UTF-8 octet sequences ...

Mailing Lists

oss-sec mailing list archives. Subject: Django security releases issued: Multiple CVEs. From: Carlton Gibson ...