All errata/sisyphus_e2k/ALT-PU-2023-2964-1
ALT-PU-2023-2964-1

Package update python3-module-django in branch sisyphus_e2k

Version3.2.18-alt1
Task#0
Published2023-03-25
Max severityHIGH
Severity:

Closed issues (3)

BDU:2023-00662
MEDIUM4.7

Уязвимость программной платформы для веб-приложений Django, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-02-10Modified: 2024-01-09
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2023-23969
HIGH7.5

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Published: 2023-02-01Modified: 2025-03-27
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2023-24580
HIGH7.5

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Published: 2023-02-15Modified: 2025-03-18
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References