First published: Wed Oct 04 2023
Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/python3-django (Ubuntu 23.04) | <3:3.2.18-1ubuntu0.5 | 3:3.2.18-1ubuntu0.5 |
ubuntu/python3-django (Ubuntu 22.04) | <2:3.2.12-2ubuntu1.9 | 2:3.2.12-2ubuntu1.9 |
ubuntu/python3-django (Ubuntu 20.04) | <2:2.2.12-1ubuntu0.20 | 2:2.2.12-1ubuntu0.20 |
The vulnerability ID for this Django vulnerability is USN-6414-1.
This Django vulnerability could allow a remote attacker to cause a denial of service by consuming resources.
Versions of Django before 3.2.18-1ubuntu0.5, 3.2.12-2ubuntu1.9, and 2.2.12-1ubuntu0.20 are affected by this vulnerability, as listed per Ubuntu release in the table above.
To fix this Django vulnerability, update to version 3.2.18-1ubuntu0.5, 3.2.12-2ubuntu1.9, or 2.2.12-1ubuntu0.20 of Django.
You can find more information about this Django vulnerability at the following references: [CVE-2023-43665](https://ubuntu.com/security/CVE-2023-43665), [Ubuntu Security Notice USN-6414-1](https://launchpad.net/ubuntu/+source/python-django/3:3.2.18-1ubuntu0.5), [Launchpad - python-django](https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.9).