CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-45115

HIGH
7.5
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile9.63th
Published2022年1月5日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

Affected Platforms (CPE)

📦
Djangoproject

Django

>= 2.2 and < 2.2.26
📦
Djangoproject

Django

>= 3.2 and < 3.2.11
📦
Djangoproject

Django

>= 4.0 and < 4.0.1
💻
Fedoraproject

Fedora

= 35

References & Advisories

🔗 https://docs.djangoproject.com/en/4.0/releases/security/
🔗 https://groups.google.com/forum/#%21forum/django-announce
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
🔗 https://security.netapp.com/advisory/ntap-20220121-0005/
🔗 https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
🔗 https://docs.djangoproject.com/en/4.0/releases/security/
🔗 https://groups.google.com/forum/#%21forum/django-announce
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/

相關漏洞威脅

CVE-2014-047410.0

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before...

CVE-2019-131779.8

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for sign...

CVE-2017-167649.8

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_a...

CVE-2019-142349.8

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow k...