CVE-2023-46695
published 2023-11-02


Priority: P352 (high)
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 49.77% (98.8th percentile)
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
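The pattern behind this bug is ordering: the field normalized attacker-controlled input with NFKC before any length check ran, so the CPU cost was proportional to the request body rather than to the 150-character username limit. The example below is added here for illustration and is not Django's own code; it contrasts the unbounded shape with a bounded one that skips normalization when the raw value is already over the limit, and it shows the edge case a pre-check does not cover (a value under the limit that grows past it after NFKC, because compatibility ligatures expand). The `USERNAME_MAX_LENGTH` constant of 150 is an assumption standing in for the username field's `max_length`, and the payload is constructed, not captured.

```python
import time
import unicodedata

# Assumption for this example: 150 stands in for the username field's
# max_length. It is a constant defined here, not read from Django.
USERNAME_MAX_LENGTH = 150


def to_python_unbounded(value: str) -> str:
    """Vulnerable shape: NFKC-normalize whatever arrives, however long.

    Cost scales with attacker-controlled input length, and any length
    validation only happens afterwards, so an oversized body burns CPU
    before it is rejected.
    """
    return unicodedata.normalize("NFKC", value)


def to_python_bounded(value: str, max_length: int = USERNAME_MAX_LENGTH) -> str:
    """Hardened shape: do not normalize a value that already exceeds max_length.

    The raw value is returned untouched so that the downstream length
    validator rejects it; the expensive step is only paid for input that
    could possibly be a valid username.
    """
    if len(value) > max_length:
        return value
    return unicodedata.normalize("NFKC", value)


def build_payload(n: int) -> str:
    """Constructed attacker input: n copies of U+FB01 (LATIN SMALL LIGATURE FI).

    NFKC expands each ligature to the two ASCII letters "fi"; any code point
    with a non-trivial compatibility decomposition would serve the purpose.
    """
    return "\ufb01" * n


def exceeds_after_normalization(value: str, max_length: int = USERNAME_MAX_LENGTH) -> bool:
    """Edge case the pre-check does not cover.

    A value at or under max_length can exceed it after NFKC because
    ligatures expand. The pre-check only decides whether to normalize; the
    length validator that runs on the normalized value still has to reject
    the result.
    """
    if len(value) > max_length:
        return False
    return len(unicodedata.normalize("NFKC", value)) > max_length


def time_call(fn, value: str) -> float:
    """Wall-clock seconds spent in fn(value); use it to compare the two shapes."""
    start = time.perf_counter()
    fn(value)
    return time.perf_counter() - start


if __name__ == "__main__":
    payload = build_payload(10**5)
    print("unbounded:", f"{time_call(to_python_unbounded, payload):.4f}s")
    print("bounded:  ", f"{time_call(to_python_bounded, payload):.4f}s")
    print("ligature under limit grows past it:",
          exceeds_after_normalization("\ufb01" * 100))
```

The pre-check alone is not sufficient on its own: keep the length validator on the normalized value, and cap request body size at the web server or middleware so oversized form posts never reach field cleaning at all.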

Affected

11 ranges

Vendor        | Product       | Version range     | Fixed in
debian        | python-django |                   |
djangoproject | django        | >= 3.2 < 3.2.23   | 3.2.23
djangoproject | django        | >= 3.2 < 3.2.23   | 3.2.23
djangoproject | django        | >= 3.2a1 < 3.2.23 | 3.2.23
djangoproject | django        | >= 4.1 < 4.1.13   | 4.1.13
djangoproject | django        | >= 4.1 < 4.1.13   | 4.1.13
djangoproject | django        | >= 4.1a1 < 4.1.13 | 4.1.13
djangoproject | django        | >= 4.2 < 4.2.7    | 4.2.7
djangoproject | django        | >= 4.2 < 4.2.7    | 4.2.7
djangoproject | django        | >= 4.2a1 < 4.2.7  | 4.2.7
frigate       | frigate       | >= 0 < 0.13.2     | 0.13.2

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_debian |         | 7.5   | LOW      |
vendor_redhat |         | 7.5   | HIGH     |