GHSA-v9qg-3j8p-r63v

Source

https://github.com/advisories/GHSA-v9qg-3j8p-r63v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-v9qg-3j8p-r63v/GHSA-v9qg-3j8p-r63v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v9qg-3j8p-r63v

Aliases

Published

2019-08-06T01:43:31Z

Modified

2024-09-20T16:35:02.132194Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Uncontrolled Recursion in Django

Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.11a1

Fixed

1.11.23

Affected versions

1.*

1.11a1

1.11b1

1.11rc1

1.11

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

1.11.18

1.11.20

1.11.21

1.11.22

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1a1

Fixed

2.1.11

Affected versions

2.*

2.1a1

2.1b1

2.1rc1

2.1

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.7

2.1.8

2.1.9

2.1.10

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2a1

Fixed

2.2.4

Affected versions

2.*

2.2a1

2.2b1

2.2rc1

2.2

2.2.1

2.2.2

2.2.3