Published: 02/11/2023 Updated: 14/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

An issue exists in Django 3.2 prior to 3.2.23, 4.1 prior to 4.1.13, and 4.2 prior to 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
djangoproject django

DescriptionA vulnerability was discovered in the Django package, where NFKC normalization could take a significant time This flaw allows a remote, unauthenticated attacker to cause a denial of service by submitting inputs with a large number of Unicode charactersA vulnerability was discovered in the Django package, where NFKC normalization ...

Check Point Reference: CPAI-2023-1649 Date Published: 18 Apr 2024 Severity: High ...

CWE-770 https://docs.djangoproject.com/en/4.2/releases/security/https://www.djangoproject.com/weblog/2023/nov/01/security-releases/https://groups.google.com/forum/#%21forum/django-announce https://security.netapp.com/advisory/ntap-20231214-0001/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-46695 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1649.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-46695

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect