Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
Vulnerability Description
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Django 安全漏洞
Vulnerability Description
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 6.0.3之前版本、5.2.12之前版本和4.2.29之前版本存在安全漏洞,该漏洞源于URLField.to_python函数调用urllib.parse.urlsplit时,在Windows上对某些Unicode字符执行NFKC归一化操作速度过慢,可能导致远程攻击者通过包含这些字符的大量URL输入造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A