Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().

Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2025-10-31 09:41:08 +00:00 · 2023-08-22 08:53:03 +02:00
parent 048d75aeb1
commit 3f41d6d629
5 changed files with 43 additions and 5 deletions
--- a/docs/releases/4.2.5.txt
+++ b/docs/releases/4.2.5.txt
@@ -7,6 +7,13 @@ Django 4.2.5 release notes
 Django 4.2.5 fixes a security issue with severity "moderate" and several bugs
 in 4.2.4.

+CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
+===================================================================================================
+
+``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
+service attack via certain inputs with a very large number of Unicode
+characters.
+
 Bugfixes
 ========