Introduced through: django@3.2.20, django-haystack@3.1.1 and others
Fixed in: django@3.2.21, @4.1.11, @4.2.5
Exploit maturity: No known exploit
Detailed paths and remediation
Introduced through: project@0.0.0 › django@3.2.20
Fix: Upgrade django to version 3.2.21 or 4.1.11 or 4.2.5
Introduced through: project@0.0.0 › django-haystack@3.1.1 › django@3.2.20
Fix: Pin django to version 3.2.21 or 4.1.11 or 4.2.5
Introduced through: project@0.0.0 › django-mptt@0.13.4 › django-js-asset@2.0.0 › django@3.2.20
Fix: Pin django to version 3.2.21 or 4.1.11 or 4.2.5
Security information
Factors contributing to the scoring:
Snyk: [CVSS 7.5](https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-5880505) - High Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.
Completion criteria: