Introduced through: django@3.2.15, django-haystack@3.1.1 and others
Fixed in: django@3.2.16, @4.0.8, @4.1.2
Exploit maturity: No known exploit
Introduced through: project@0.0.0 › django-haystack@3.1.1 › django@3.2.15
Fix: Pin django to version 3.2.16 or 4.0.8 or 4.1.2
Introduced through: project@0.0.0 › django-mptt@0.13.4 › django-js-asset@2.0.0 › django@3.2.15
Fix: Pin django to version 3.2.16 or 4.0.8 or 4.1.2
Affected versions of this package are vulnerable to Denial of Service (DoS) when using internationalized URLs, because the locale parameter is interpreted as a regular expression.
Completion criteria
[ ] Verify that this is indeed a vulnerability for us and either complete the remediation or document, close the ticket and snooze the Snyk alert.