mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.

Browse Source 
Thanks Seokchan Yoon for reports.
This commit is contained in:
Mariusz Felisiak
2023-06-14 12:23:06 +02:00
parent 7eeadc82c2
commit ad0410ec4f
10 changed files with 73 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/releases/4.2.3.txt
View File

@@ -7,6 +7,13 @@ Django 4.2.3 release notes
Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
in 4.2.2.
CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
===================================================================================================================
``EmailValidator`` and ``URLValidator`` were subject to potential regular
expression denial of service attack via a very large number of domain name
labels of emails and URLs.
Bugfixes
========