{"id":"BIT-django-2023-36053","details":"In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.","aliases":["CVE-2023-36053","GHSA-jh3w-4vvf-mjgr","PYSEC-2023-100"],"modified":"2025-11-06T13:25:46.476Z","published":"2024-03-06T10:51:44.168Z","database_specific":{"cpes":["cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"type":"WEB","url":"https://groups.google.com/forum/#%21forum/django-announce"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/"},{"type":"WEB","url":"https://www.debian.org/security/2023/dsa-5465"},{"type":"WEB","url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"affected":[{"package":{"name":"django","ecosystem":"Bitnami","purl":"pkg:bitnami/django"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.2.0"},{"fixed":"3.2.20"},{"introduced":"4.0.0"},{"fixed":"4.1.10"},{"introduced":"4.2.0"},{"fixed":"4.2.3"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/django/BIT-django-2023-36053.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}