CVE-2023-36053
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-06-20 CVE Reserved
- 2023-07-03 CVE Published
- 2024-08-02 CVE Updated
- 2025-04-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://docs.djangoproject.com/en/4.2/releases/security | Release Notes | |
| https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.djangoproject.com/weblog/2023/jul/03/security-releases | 2024-07-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.2 < 3.2.20 Search vendor "Djangoproject" for product "Django" and version " >= 3.2 < 3.2.20" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 4.0 < 4.1.10 Search vendor "Djangoproject" for product "Django" and version " >= 4.0 < 4.1.10" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 4.2 < 4.2.3 Search vendor "Djangoproject" for product "Django" and version " >= 4.2 < 4.2.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||