CVE-2023-23969

Published: 01/02/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Django 3.2 prior to 3.2.17, 4.0 prior to 4.0.9, and 4.1 prior to 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Vulnerable Product

djangoproject django

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1030251 python-django: CVE-2023-23969 Potential denial-of-service via Accept-Language headers. Package: python-django; Maintainer for python-django is Debian Python Team <team+python@tracker.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: "Chris Lamb" ...
Synopsis: Important: Satellite 613 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 613. The release contains a new version of Satellite and important security fixes ...
Synopsis: Moderate: RHUI 440 release - Security Fixes, Bug Fixes, and Enhancements Update. Type/Severity: Security Advisory: Moderate. Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4 ...
Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 2:2228-1~deb11u2. This update also addresses CVE-2023-23969, CVE-2023-31047 and CVE-2023-24580. For the ...
Description: A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent. ...