Closed Sim4n6 closed 3 months ago
The following commit is the fix intended for CVE-2023-46695. You can notice that the Django team lets the developers decide on the use (or not) of the max_length value. This query would catch the fixed version as a hit if no max_length is set.
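An added example, not Django's code or the query itself, illustrating the pattern the comment above refers to: a username field whose to_python step NFKC-normalises its input (the Unicode step in Django's UsernameField behind CVE-2023-46695). It contrasts the pre-fix order (normalise, then check length) with the fixed order (check raw length, then normalise), and shows that with max_length=None the fixed code still normalises unbounded input, which is why the query treats it as a hit.

```python
import unicodedata
from typing import Optional

# Added illustration, not Django's own code: a username field whose to_python
# step NFKC-normalises its input. It reports how many characters reached the
# normaliser so the effect of the max_length bound is observable directly.

def to_python(value: str, max_length: Optional[int],
              check_length_first: bool) -> tuple[bool, int]:
    """Return (accepted, chars_normalised).

    check_length_first=False is the pre-fix order: normalise, then validate
    length.  check_length_first=True is the fixed order: reject oversized raw
    input before normalising.  Either way, max_length=None means no bound,
    which is the CWE-770 case the CodeQL query in this thread flags.
    """
    if check_length_first and max_length is not None and len(value) > max_length:
        return False, 0                      # rejected before any normalisation work
    normalised = unicodedata.normalize("NFKC", value)
    if max_length is not None and len(normalised) > max_length:
        return False, len(value)             # rejected, but only after the work
    return True, len(value)

def demo() -> dict:
    # Constructed inputs: a long plain string, and a ligature that NFKC expands
    # (U+FB03 'ffi' -> 3 code points), showing output can exceed input length.
    long_input = "a" * 10_000
    ligatures = "\ufb03" * 10
    return {
        # Pre-fix: a bound is set, yet the normaliser still processes everything.
        "prefix_bounded": to_python(long_input, 150, check_length_first=False),
        # Fixed: oversized input is rejected before normalising.
        "fixed_bounded": to_python(long_input, 150, check_length_first=True),
        # Fixed code with max_length=None: unbounded work remains, hence the hit.
        "fixed_unbounded": to_python(long_input, None, check_length_first=True),
        # Expansion: 10 raw chars pass the pre-check, 30 normalised chars fail
        # the post-normalisation check under a bound of 20.
        "ligature_expansion": to_python(ligatures, 20, check_length_first=True),
        "ligature_ok": to_python(ligatures, 150, check_length_first=True),
    }
```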
Your submission is now in status Test run.
For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed
Your submission is now in status Results analysis.
Your submission is now in status Query review.
Your submission is now in status Final decision.
Your submission is now in status Pay.
Created Hackerone report 2429472 for bounty 561923 : [813] [Python]: Unicode DoS
Your submission is now in status Closed.
Query PR
https://github.com/github/codeql/pull/15319
Language
Python
CVE(s) ID list
CWE
CWE-770: Allocation of Resources Without Limits or Throttling
Report
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
https://sim4n6.beehiiv.com