875323 – (CVE-2022-41323) <dev-python/django-{3.2.16,4.0.8,4.1.2}: Potential denial-of-service vulnerability in internationalized URLs

Bug 875323 (CVE-2022-41323) - <dev-python/django-{3.2.16,4.0.8,4.1.2}: Potential denial-of-service vulnerability in internationalized URLs

Summary: <dev-python/django-{3.2.16,4.0.8,4.1.2}: Potential denial-of-service vulnerab...

Status:	IN_PROGRESS

Alias:	CVE-2022-41323

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://www.djangoproject.com/weblog/...
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	875341 875344 875347
Blocks:
	Show dependency tree

Reported:	2022-10-05 07:45 UTC by Michał Górny
Modified:	2022-10-06 13:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2022-10-05 07:45:55 UTC

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
Internationalized URLs were subject to potential denial of service attack via the locale parameter. This is now escaped to avoid this possibility.

This issue has medium severity, according to the Django security policy.

Comment 1 John Helmert III archtester

2022-10-05 13:44:28 UTC

Thanks!

Comment 2 Michał Górny archtester

2022-10-06 09:33:04 UTC

cleanup done.

Comment 3 John Helmert III archtester

2022-10-06 13:49:56 UTC

Thanks!