DoS via uri_to_iri() in Django 3.2<3.2.21, 4.1<4.1.11, 4.2<4.2.5
CVE-2023-41164 Published on November 3, 2023

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2023-41164

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-41164 are published in these products:

Canonical Ubuntu Linux

Django Project Django

Fedora Project Fedora

Exploit Probability

EPSS

0.42%

Percentile

61.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

DoS via uri_to_iri() in Django 3.2<3.2.21, 4.1<4.1.11, 4.2<4.2.5CVE-2023-41164 Published on November 3, 2023

Products Associated with CVE-2023-41164

Exploit Probability

DoS via uri_to_iri() in Django 3.2<3.2.21, 4.1<4.1.11, 4.2<4.2.5
CVE-2023-41164 Published on November 3, 2023