summaryrefslogtreecommitdiff
path: root/scripts/prepare_commit_msg.py
diff options
context:
space:
mode:
authorNatalia <124304+nessita@users.noreply.github.com>2026-01-29 22:52:41 -0300
committerNatalia <124304+nessita@users.noreply.github.com>2026-03-03 09:08:46 -0300
commit951ffb3832cd83ba672c1e3deae2bda128eb9cca (patch)
treeef54fa16e02bd57198368c3e2f8df9bbc7f9f171 /scripts/prepare_commit_msg.py
parentc1d8646ec219b8b90ebdd463f40e5767876658a0 (diff)
Fixed CVE-2026-25673 -- Simplified URLField scheme detection.
This simplicaftion mitigates a potential DoS in URLField on Windows. The usage of `urlsplit()` in `URLField.to_python()` was replaced with `str.partition(":")` for URL scheme detection. On Windows, `urlsplit()` performs Unicode normalization which is slow for certain characters, making `URLField` vulnerable to DoS via specially crafted POST payloads. Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger for the review. Refs #36923. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Diffstat (limited to 'scripts/prepare_commit_msg.py')
0 files changed, 0 insertions, 0 deletions