Django vulnerable to Denial of Service via i18n middleware component
High severity
GitHub Reviewed
Published May 1, 2022 to the GitHub Advisory Database • Updated Nov 18, 2024
Package
Affected versions: >= 0.95, < 0.95.2; = 0.96.0; = 0.91.0
Patched versions: 0.95.2; 0.96.1; 0.91.1
Published by the National Vulnerability Database: Oct 30, 2007
Published to the GitHub Advisory Database: May 1, 2022
Reviewed: Apr 29, 2024
Last updated: Nov 18, 2024
Description
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
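For deployments that cannot move to a patched version right away, the header can be bounded before it reaches the i18n component. The following is an added example, not Django's code or its fix: a WSGI middleware whose names (AcceptLanguageLimit, sanitize_accept_language) and limits are assumptions chosen for illustration.

```python
import re

# Added example (not Django code). Both limits are assumed values; tune them.
MAX_HEADER_BYTES = 256      # longer Accept-Language values are dropped whole
MAX_LANGUAGE_RANGES = 16    # at most this many language ranges are kept

_RANGE = re.compile(r"^(\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$")
_QVALUE = re.compile(r"^q=(0(\.\d{1,3})?|1(\.0{1,3})?)$")


def sanitize_accept_language(value):
    """Return a bounded, canonical Accept-Language value, or None to drop it."""
    if len(value) > MAX_HEADER_BYTES:
        return None
    kept = []
    for part in value.split(","):
        tag, _, q = part.strip().partition(";")
        tag, q = tag.strip(), q.strip()
        # Skip malformed ranges and malformed q-values instead of passing them on.
        if not _RANGE.match(tag) or (q and not _QVALUE.match(q)):
            continue
        kept.append(tag.lower() + (";" + q if q else ""))
        if len(kept) == MAX_LANGUAGE_RANGES:
            break
    return ",".join(kept) or None


class AcceptLanguageLimit:
    """WSGI middleware: the wrapped app only ever sees a bounded header."""

    def __init__(self, app):
        self.app = app
        self.dropped = 0  # counter to export to monitoring

    def __call__(self, environ, start_response):
        raw = environ.get("HTTP_ACCEPT_LANGUAGE")
        if raw is not None:
            clean = sanitize_accept_language(raw)
            if clean is None:
                # Oversized or empty after filtering: the app uses its default language.
                del environ["HTTP_ACCEPT_LANGUAGE"]
                self.dropped += 1
            else:
                environ["HTTP_ACCEPT_LANGUAGE"] = clean
        return self.app(environ, start_response)
```

A rising dropped counter is a useful signal that oversized Accept-Language headers are being sent at the service.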