From 6f030b1149bd8fa4ba90452e77cb3edc095ce54e Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Tue, 22 Aug 2023 08:53:03 +0200 Subject: [3.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com> --- docs/releases/3.2.21.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/releases/3.2.21.txt b/docs/releases/3.2.21.txt index 79efc679d1..062ac66682 100644 --- a/docs/releases/3.2.21.txt +++ b/docs/releases/3.2.21.txt @@ -6,4 +6,9 @@ Django 3.2.21 release notes Django 3.2.21 fixes a security issue with severity "moderate" in 3.2.20. -... +CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` +=================================================================================================== + +``django.utils.encoding.uri_to_iri()`` was subject to potential denial of +service attack via certain inputs with a very large number of Unicode +characters. -- cgit v1.3