Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions.

Thanks to Benjamin Balder Bach for the report.
2025-10-31 09:41:08 +00:00 · 2022-09-02 09:44:05 +01:00
parent 4771a1694b
commit e5ea284294
5 changed files with 23 additions and 3 deletions
--- a/docs/releases/4.1.2.txt
+++ b/docs/releases/4.1.2.txt
@@ -7,6 +7,12 @@ Django 4.1.2 release notes
 Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
 4.1.1.

+CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
+===================================================================================
+
+Internationalized URLs were subject to potential denial of service attack via
+the locale parameter.
+
 Bugfixes
 ========