[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. - django.git

diff options

author	Nick Pope <nick@nickpope.me.uk>	2023-01-25 12:21:48 +0100
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-02-01 09:48:18 +0100
commit	c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (patch)
tree	0f0ccd90e4a1664c935d09e2f9daf26bb3f38d85 /package.json
parent	9da46345d83e5d9ecb60512efb2d2e0b2b02b974 (diff)

[3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.

The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue.

Diffstat (limited to 'package.json')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: