QwikSec

Security Database

CVE

CWE

Training

CVE-2023-23969

Published: Feb 1, 2023

Modified: Mar 27, 2025

PUBLISHED

Description

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/4.1/releases/security/

https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

[debian-lts-announce] 20230201 [SECURITY] [DLA 3306-1] python-django security update

mailing-list

https://security.netapp.com/advisory/ntap-20230302-0007/

FEDORA-2023-8fed428c5e

vendor-advisory

FEDORA-2023-a53ab7c969

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.