CVE-2022-41323
Summary
| CVE | CVE-2022-41323 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-16 06:15:00 UTC |
| Updated | 2023-11-07 03:52:00 UTC |
| Description | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Djangoproject | Django | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Redirecting to Google Groups | | groups.google.com | |
| Redirecting to Google Groups | MISC | groups.google.com | |
| [SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Django security releases issued: 4.1.2, 4.0.8, and 3.2.16 \| Weblog \| Django | CONFIRM | www.djangoproject.com | |
| [SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE-2022-41323 Django Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| Archive of security issues \| Django documentation \| Django | MISC | docs.djangoproject.com | |
| [SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted a… · django/django@5b6b257 · GitHub | MISC | github.com | |
| [SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181137 Debian Security Update for python-django (DSA 5254-1)
- 183264 Debian Security Update for python-django (CVE-2022-41323)
- 198971 Ubuntu Security Notification for Django Vulnerability (USN-5653-1)
- 241405 Red Hat Update for Satellite 6.13 (RHSA-2023:2097)
- 283757 Fedora Security Update for python (FEDORA-2023-3d775d93be)
- 283758 Fedora Security Update for python (FEDORA-2023-bde7913e5a)
- 283945 Fedora Security Update for python (FEDORA-2023-8fed428c5e)
- 284167 Fedora Security Update for python (FEDORA-2023-a53ab7c969)
- 284273 Fedora Security Update for python (FEDORA-2023-a74513bda8)
- 296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
- 502557 Alpine Linux Security Update for py3-django
- 502920 Alpine Linux Security Update for py3-django
- 505799 Alpine Linux Security Update for py3-django
- 690955 Free Berkeley Software Distribution (FreeBSD) Security Update for django (f4f15051-4574-11ed-81a1-080027881239)
- 960924 Rocky Linux Security Update for Satellite (RLSA-2023:2097)