{"id":"PYSEC-2023-225","details":"In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.","aliases":["BIT-django-2023-41164","CVE-2023-41164","GHSA-7h4p-27mh-hmrw"],"modified":"2023-11-14T07:57:10.260678Z","published":"2023-11-03T05:15:00Z","references":[{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/"},{"type":"WEB","url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"type":"WEB","url":"https://groups.google.com/forum/#!forum/django-announce"}],"affected":[{"package":{"name":"django","ecosystem":"PyPI","purl":"pkg:pypi/django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.2"},{"fixed":"3.2.21"},{"introduced":"4.1"},{"fixed":"4.1.11"},{"introduced":"4.2"},{"fixed":"4.2.5"}]}],"versions":["3.2","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.18","3.2.19","3.2.2","3.2.20","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","4.1","4.1.1","4.1.10","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.1.9","4.2","4.2.1","4.2.2","4.2.3","4.2.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2023-225.yaml"}}],"schema_version":"1.7.3"}