Django Reports DoS Vulnerability, Releases Security Updates

The Django project, provider of the open-source Python-based web framework, reported a new denial-of-service vulnerability that could affect parties using the framework to build websites and applications. According to the report, internationalized URLs in Django 3.2, 4.0 and 4.1 were vulnerable to a potential denial-of-service attack because the locale parameter was treated as a regular expression.

Upon finding the vulnerability, the project released new security updates to address it and added security patches to the impacted versions. Since several versions of Django are supported, the project is updating each of the affected release branches and publishing security updates for all of them.

Django DoS vulnerability explained

Django offers website development tools and is a common platform used by web developers. The vulnerability report was posted in the GitHub Advisory Database under GitHub Reviewed, where it was assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2022-41323.

According to the post, internationalized URLs (URL patterns carrying a language prefix so that an application can serve users across environments and languages) in some versions of Django were prone to DoS attacks. The vulnerable URLs were part of versions before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2. Django's security policy rates the issue as medium severity. Even so, the project will work around the clock to fix all the versions facing the vulnerability.

Django release updates for supported versions

The 4.1, 4.0, and 3.2 release branches of Django as well as the main branch have all received patches to fix the problem. The following changesets contain the necessary patches:

  • Main branch
  • 4.1 release branch
  • 4.0 release branch
  • 3.2 release branch
  • Django 4.1.2
  • Django 4.0.8
  • Django 3.2.16

The development team is releasing Django 4.1.2, Django 4.0.8, and Django 3.2.16 in compliance with its security release policy and all users have been urged by the organization to update as soon as possible.
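The bug class the advisory describes (a locale value compiled as a regular expression instead of being matched literally) and the fixed releases listed above, shown as an added illustration that is not Django's own code: the unsafe and hardened prefix matchers are hypothetical stand-ins for the affected behaviour, and is_patched() checks a plain dotted version string against the fixed versions named in this article.

```python
import re
from typing import Optional

# Illustrative reconstruction of the bug class in CVE-2022-41323 (a locale value
# used to build a URL-prefix regex). Hypothetical helpers, not Django's own code.


def locale_prefix_regex_unsafe(lang_code: str) -> re.Pattern:
    """Weak form: regex metacharacters inside the locale string stay live."""
    return re.compile(f"^{lang_code}/")


def locale_prefix_regex_safe(lang_code: str) -> re.Pattern:
    """Hardened form: the locale string is matched literally via re.escape."""
    return re.compile(f"^{re.escape(lang_code)}/")


def prefix_matches(pattern: re.Pattern, path: str) -> bool:
    """True if the URL path (without its leading slash) starts with the prefix."""
    return pattern.match(path) is not None


# Fixed releases named in the advisory, keyed by release branch.
FIXED_VERSIONS = {(3, 2): (3, 2, 16), (4, 0): (4, 0, 8), (4, 1): (4, 1, 2)}


def is_patched(version: str) -> Optional[bool]:
    """True if this Django version carries the fix, False if it is an affected
    release of a covered branch, None if the branch is outside the advisory.
    Assumes a plain numeric dotted version such as "4.1.2"."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED_VERSIONS.get(parts[:2])
    if fixed is None:
        return None
    return parts >= fixed


if __name__ == "__main__":
    # Constructed sample: a dot in the locale acts as a wildcard when unescaped,
    # so the unsafe pattern matches a path the literal prefix "e." never would.
    print(prefix_matches(locale_prefix_regex_unsafe("e."), "en/about"))  # True
    print(prefix_matches(locale_prefix_regex_safe("e."), "en/about"))    # False
    for v in ("3.2.15", "3.2.16", "4.0.8", "4.1.1", "4.1.2"):
        print(v, is_patched(v))
```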
