Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 7.5 PyPI

Django contains Uncontrolled Resource Consumption via cached header

GHSA-q2jf-h9jm-m7p4 · BIT-django-2023-23969 · CVE-2023-23969 · PYSEC-2023-12

Published · Modified

Description

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes