summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2023-08-22 08:53:03 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-09-04 11:58:37 +0200
commit3f41d6d62929dfe53eda8109b3b836f26645bdce (patch)
treea221032a51e25559ef8266a861fc8a8447078a78 /docs
parent048d75aeb1e2b1c08b1b9ec359397f00aec1b57d (diff)
Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/3.2.21.txt7
-rw-r--r--docs/releases/4.1.11.txt7
-rw-r--r--docs/releases/4.2.5.txt7
3 files changed, 19 insertions, 2 deletions
diff --git a/docs/releases/3.2.21.txt b/docs/releases/3.2.21.txt
index 79efc679d1..062ac66682 100644
--- a/docs/releases/3.2.21.txt
+++ b/docs/releases/3.2.21.txt
@@ -6,4 +6,9 @@ Django 3.2.21 release notes
Django 3.2.21 fixes a security issue with severity "moderate" in 3.2.20.
-...
+CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
+===================================================================================================
+
+``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+service attack via certain inputs with a very large number of Unicode
+characters.
diff --git a/docs/releases/4.1.11.txt b/docs/releases/4.1.11.txt
index efb6c14071..34734603c8 100644
--- a/docs/releases/4.1.11.txt
+++ b/docs/releases/4.1.11.txt
@@ -6,4 +6,9 @@ Django 4.1.11 release notes
Django 4.1.11 fixes a security issue with severity "moderate" in 4.1.10.
-...
+CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
+===================================================================================================
+
+``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+service attack via certain inputs with a very large number of Unicode
+characters.
diff --git a/docs/releases/4.2.5.txt b/docs/releases/4.2.5.txt
index d88ece91e6..21e04fbb97 100644
--- a/docs/releases/4.2.5.txt
+++ b/docs/releases/4.2.5.txt
@@ -7,6 +7,13 @@ Django 4.2.5 release notes
Django 4.2.5 fixes a security issue with severity "moderate" and several bugs
in 4.2.4.
+CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
+===================================================================================================
+
+``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+service attack via certain inputs with a very large number of Unicode
+characters.
+
Bugfixes
========
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 22:45:25 +0000