In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "python-django-common": "1:1.11.11-1ubuntu1.21+esm1", "python-django-doc": "1:1.11.11-1ubuntu1.21+esm1", "python-django": "1:1.11.11-1ubuntu1.21+esm1", "python3-django": "1:1.11.11-1ubuntu1.21+esm1" } ] }