High severity · NVD Advisory · Published Nov 2, 2023 · Updated Aug 2, 2024
CVE-2023-46695
Description
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 3.2a1, < 3.2.23 | 3.2.23 |
| Django (PyPI) | >= 4.1a1, < 4.1.13 | 4.1.13 |
| Django (PyPI) | >= 4.2a1, < 4.2.7 | 4.2.7 |
Affected products
- osv-coords, 2 versions: >= 3.2.0, < 3.2.23 (+ 1 more)
- (no CPE) range: >= 3.2.0, < 3.2.23
- (no CPE) range: >= 3.2a1, < 3.2.23
References
- github.com/advisories/GHSA-qmf9-6jqf-j8fq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-46695 (ghsa, ADVISORY)
- docs.djangoproject.com/en/4.2/releases/security (ghsa, WEB)
- github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f (ghsa, WEB)
- github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e (ghsa, WEB)
- github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- security.netapp.com/advisory/ntap-20231214-0001 (ghsa, WEB)
- www.djangoproject.com/weblog/2023/nov/01/security-releases (ghsa, WEB)
- docs.djangoproject.com/en/4.2/releases/security/ (mitre)
- security.netapp.com/advisory/ntap-20231214-0001/ (mitre)
- www.djangoproject.com/weblog/2023/nov/01/security-releases/ (mitre)