CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type

GIT

Repo

https://github.com/django/django

Events

Introduced

3591e1c1acbd7c13174275367c3fdf012cb0413b

Fixed

4c85beca9d8bf24573d741e26ea36295c69af5b2

Introduced

ef62a3a68c9d558486145a42c0d71ea9a76add9e

Fixed

7d5cb4950166a0e5eaf1c14742b64b8b055b0021

Introduced

9fee86e44dd83dc968ec443adcde191b3eba1286

Fixed

6e9c6a05f17cba71d40d16ff1d869ed3d6e3b6a0

Fixed

5b6b257fa7ec37ff27965358800c67e2dd11c924

Database specific

{
    "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.2"
        },
        {
            "fixed": "3.2.16"
        },
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.0.8"
        },
        {
            "introduced": "4.1"
        },
        {
            "fixed": "4.1.2"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41323.json"