Description

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Remediation

References

CVE-2023-41164

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2015-8617)

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (1.2.3)

WordPress Plugin Email posts to subscribers Multiple Vulnerabilities (2.0)

WordPress Plugin Additional Variation Images for WooCommerce Cross-Site Scripting (1.1.28)

Severity

High

Classification

CVE-2023-41164 CWE-1284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities