First published: Wed Feb 01 2023
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/python-django | <0:3.2.18-1.el8 | 0:3.2.18-1.el8 |
| redhat/python-django | <0:3.2.18-1.0.1.el8 | 0:3.2.18-1.0.1.el8 |
| Djangoproject Django | >=3.2, <3.2.17 | |
| Djangoproject Django | >=4.0, <4.0.9 | |
| Djangoproject Django | >=4.1, <4.1.6 | |
| Debian Debian Linux | =10.0 | |
The vulnerability ID for this flaw is CVE-2023-23969.
The severity of CVE-2023-23969 is high.
CVE-2023-23969 affects Django versions 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6.
The potential impact of CVE-2023-23969 is a denial-of-service vector via excessive memory usage.
To fix CVE-2023-23969, users should update Django to version 3.2.17, 4.0.9, or 4.1.6.
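The caching behaviour behind this CVE, as an added illustration that is not Django's own code: an LRU cache keyed by the raw Accept-Language value, shown with and without a length guard that refuses to retain oversized values. The constants, class and function names are assumed for this example.

```python
import re
from collections import OrderedDict

# Constants assumed for this illustration; they are not Django's own values.
MAX_ENTRIES = 1000        # distinct header values the cache may hold
MAX_HEADER_LENGTH = 500   # raw length above which a value is never cached whole

_item_re = re.compile(  # one item: a language tag or "*", optional q-value
    r"^\s*([a-zA-Z]{1,8}(?:-[a-zA-Z0-9]{1,8})*|\*)"
    r"\s*(?:;\s*q=(0(?:\.\d{0,3})?|1(?:\.0{0,3})?))?\s*$"
)

def parse_accept_lang(lang_string):
    """Parse an Accept-Language body into ((lang, q), ...), highest q first;
    an empty tuple means some item was malformed."""
    result = []
    for piece in lang_string.split(","):
        m = _item_re.match(piece)
        if not m:
            return ()
        result.append((m.group(1), float(m.group(2)) if m.group(2) else 1.0))
    result.sort(key=lambda item: item[1], reverse=True)
    return tuple(result)

class HeaderParseCache:
    """LRU cache keyed by the raw header. bounded=False is the vulnerable
    pattern: every distinct raw value, however large, is retained until
    MAX_ENTRIES is reached. bounded=True never caches an oversized raw value."""

    def __init__(self, bounded):
        self.bounded = bounded
        self._entries = OrderedDict()

    def get(self, lang_string):
        if self.bounded and len(lang_string) > MAX_HEADER_LENGTH:
            # keep only complete items under the cap, else decline to parse
            index = lang_string.rfind(",", 0, MAX_HEADER_LENGTH)
            if index <= 0:
                return ()
            lang_string = lang_string[:index]
        if lang_string in self._entries:
            self._entries.move_to_end(lang_string)
            return self._entries[lang_string]
        parsed = parse_accept_lang(lang_string)
        self._entries[lang_string] = parsed
        if len(self._entries) > MAX_ENTRIES:
            self._entries.popitem(last=False)
        return parsed
    def held_bytes(self):
        return sum(len(key) for key in self._entries)  # memory the DoS grows
```

With the guard off, each distinct oversized value a client sends stays resident in the cache; with it on, the cache can hold at most MAX_ENTRIES keys of at most MAX_HEADER_LENGTH characters.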