CVE-2023-41164
published 2023-11-03


Priority: P3 37 high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 1.28% (66.5th percentile)
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Affected

8 ranges

Vendor          Product         Version range                                        Fixed in
debian          python-django   < python-django 3:3.2.25-0+deb12u1 (bookworm)        python-django 3:3.2.25-0+deb12u1 (bookworm)
djangoproject   django          >= 3.2 < 3.2.21                                      3.2.21
djangoproject   django          >= 3.2 < 3.2.21                                      3.2.21
djangoproject   django          >= 4.1 < 4.1.11                                      4.1.11
djangoproject   django          >= 4.1 < 4.1.11                                      4.1.11
djangoproject   django          >= 4.2 < 4.2.5                                       4.2.5
djangoproject   django          >= 4.2 < 4.2.5                                       4.2.5
fedoraproject   fedora          (no range given)                                     (no fix version given)

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv                       7.5     HIGH
vendor_debian             7.5     HIGH
vendor_redhat             7.5     HIGH
vendor_ubuntu             7.5     HIGH