In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
History
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2023-02-01 19:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-23969
Mitre link : CVE-2023-23969
CVE.ORG link : CVE-2023-23969
Products Affected
debian
- debian_linux
djangoproject
- django
CWE
CWE-770
Allocation of Resources Without Limits or Throttling