This repository has been archived by the owner on May 22, 2024. It is now read-only.
[Snyk: High] Django (Due 10/5/23) #792
Labels
Security: general
General security concern or issue
Security: high
Remediate within 30 days
Work: Back-end
Introduced through
django@3.2.20, django-haystack@3.1.1 and others
Fixed in
django@3.2.21, @4.1.11, @4.2.5
Detailed paths and remediation
Introduced through: project@0.0.0 › django-haystack@3.1.1 › django@3.2.20
Fix: Pin django to version 3.2.21 or 4.1.11 or 4.2.5
Introduced through: project@0.0.0 › django-mptt@0.13.4 › django-js-asset@2.0.0 › django@3.2.20
Fix: Pin django to version 3.2.21 or 4.1.11 or 4.2.5
Security information
Factors contributing to the scoring:
Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.
Completion criteria: