Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.

Thanks to Benjamin Balder Bach for the report.
2025-10-31 09:41:08 +00:00 · 2022-09-02 09:44:05 +01:00
parent 4771a1694b
commit e5ea284294
5 changed files with 23 additions and 3 deletions
--- a/docs/releases/4.0.8.txt
+++ b/docs/releases/4.0.8.txt
@@ -6,4 +6,8 @@ Django 4.0.8 release notes

 Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7.

-...
+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.