An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
References
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-01-05 00:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-45115
Mitre link : CVE-2021-45115
CVE.ORG link : CVE-2021-45115
JSON object : View
Products Affected
fedoraproject
- fedora
djangoproject
- django
CWE