VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-c4jh-zr55-aaae

Essentials
Severities (128)
References (34)
Severity details (44)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-c4jh-zr55-aaae
Aliases	BIT-2023-23969 BIT-django-2023-23969 CVE-2023-23969 GHSA-q2jf-h9jm-m7p4 PYSEC-0000-CVE-2023-23969 PYSEC-2023-12
Summary	In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-770	Allocation of Resources Without Limits or Throttling
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01424	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01645	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.01817	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
epss	0.03084	https://api.first.org/data/v1/epss?cve=CVE-2023-23969
cvssv3.1	7.5	https://docs.djangoproject.com/en/4.1/releases/security
generic_textual	HIGH	https://docs.djangoproject.com/en/4.1/releases/security
cvssv3.1	7.5	https://docs.djangoproject.com/en/4.1/releases/security/
ssvc	Track	https://docs.djangoproject.com/en/4.1/releases/security/
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	7.5	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
generic_textual	HIGH	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
cvssv3.1	7.5	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
generic_textual	HIGH	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
cvssv3.1	7.5	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
generic_textual	HIGH	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
cvssv3.1	3.7	https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1	7.5	https://groups.google.com/forum/#%21forum/django-announce
generic_textual	MODERATE	https://groups.google.com/forum/#%21forum/django-announce
ssvc	Track	https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1	7.5	https://groups.google.com/forum/#!forum/django-announce
generic_textual	HIGH	https://groups.google.com/forum/#!forum/django-announce
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23969
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23969
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230302-0007
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20230302-0007
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230302-0007/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230302-0007/
cvssv3.1	7.5	https://www.djangoproject.com/weblog/2023/feb/01/security-releases
generic_textual	HIGH	https://www.djangoproject.com/weblog/2023/feb/01/security-releases
cvssv3.1	7.5	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
ssvc	Track	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-23969
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969
		https://docs.djangoproject.com/en/4.1/releases/security
		https://docs.djangoproject.com/en/4.1/releases/security/
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/django/django
		https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
		https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
		https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
		https://groups.google.com/forum/#%21forum/django-announce
		https://groups.google.com/forum/#!forum/django-announce
		https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
		https://security.netapp.com/advisory/ntap-20230302-0007
		https://security.netapp.com/advisory/ntap-20230302-0007/
		https://www.djangoproject.com/weblog/2023/feb/01/security-releases
		https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
1030251		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030251
2166457		https://bugzilla.redhat.com/show_bug.cgi?id=2166457
cpe:2.3:a:djangoproject:django::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2023-23969		https://nvd.nist.gov/vuln/detail/CVE-2023-23969
GHSA-q2jf-h9jm-m7p4		https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
RHSA-2023:2097		https://access.redhat.com/errata/RHSA-2023:2097
RHSA-2023:2101		https://access.redhat.com/errata/RHSA-2023:2101
USN-5837-1		https://usn.ubuntu.com/5837-1/
USN-5837-2		https://usn.ubuntu.com/5837-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.1/releases/security

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.1/releases/security/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://docs.djangoproject.com/en/4.1/releases/security/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#%21forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://groups.google.com/forum/#%21forum/django-announce

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230302-0007

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230302-0007/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://security.netapp.com/advisory/ntap-20230302-0007/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2023/feb/01/security-releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/ Found at https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

Exploit Prediction Scoring System (EPSS)

Percentile	0.75722
EPSS Score	0.00486
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.