Wind River Support Network

Acknowledged

LIN1021-5183 : Security Advisory - python-django - CVE-2023-23969

Created: Feb 2, 2023    Updated: Feb 11, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
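The following is an added illustration of the mechanism described above, not code from Django or from Wind River: a parser that caches on the raw header value, next to a form that caps the value's length before it reaches the cache. All function names, the simplified parser, and the 500-character cap are assumptions made for this example.

```python
import tracemalloc
from functools import lru_cache

MAX_HEADER_LEN = 500  # assumed cap, chosen for this example


def _parse(raw):
    """Turn 'da, en-gb;q=0.8' into ((lang, q), ...) ordered by q, highest first."""
    out = []
    for piece in raw.lower().split(","):
        lang, _, param = (s.strip() for s in piece.partition(";"))
        if not lang:
            continue
        try:
            q = float(param[2:]) if param.startswith("q=") else 1.0
        except ValueError:
            continue
        out.append((lang, q))
    return tuple(sorted(out, key=lambda p: p[1], reverse=True))


@lru_cache(maxsize=1000)
def parse_unbounded(raw):
    # Weak form: raw header is the cache key; maxsize caps entries, not bytes per entry.
    return _parse(raw)


@lru_cache(maxsize=1000)
def _parse_short(raw):
    return _parse(raw)


def parse_capped(raw):
    # Hardened form: only values within the cap ever reach the cache.
    if len(raw) <= MAX_HEADER_LEN:
        return _parse_short(raw)
    cut = raw.rfind(",", 0, MAX_HEADER_LEN)  # drop the partial last item
    return _parse_short(raw[:cut]) if cut > 0 else ()


def retained_bytes(parse, count=20, size=50_000):
    """Memory still held after parsing `count` distinct oversized headers."""
    tracemalloc.start()
    before = tracemalloc.get_traced_memory()[0]
    for i in range(count):
        parse("en;q=0.5," * (size // 9) + f"x{i}")  # constructed input
    held = tracemalloc.get_traced_memory()[0] - before
    tracemalloc.stop()
    return held
```

Comparing `retained_bytes(parse_unbounded)` with `retained_bytes(parse_capped)` shows that limiting the number of cache entries does not limit memory when the size of each cached value is unbounded.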

CREATE(Triage):(User=admin) CVE-2023-23969 (https://nvd.nist.gov/vuln/detail/CVE-2023-23969)