VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d653-dvqd-aaaq

Essentials
Severities (117)
References (35)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-d653-dvqd-aaaq
Aliases	BIT-django-2023-41164 CVE-2023-41164 GHSA-7h4p-27mh-hmrw PYSEC-2023-225
Summary	In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Status	Published
Exploitability	0.5
Weighted Severity	7.1
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1284	Improper Validation of Specified Quantity in Input
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	6.3	https://access.redhat.com/errata/RHSA-2024:2010
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2010
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00164	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00193	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00193	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00193	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00237	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00237	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00284	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00284	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00284	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00318	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.00318	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2023-41164
cvssv3.1	7.5	https://docs.djangoproject.com/en/4.2/releases/security
generic_textual	HIGH	https://docs.djangoproject.com/en/4.2/releases/security
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-7h4p-27mh-hmrw
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	5.3	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
generic_textual	MODERATE	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
cvssv3.1	5.3	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
generic_textual	MODERATE	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
cvssv3.1	5.3	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
generic_textual	MODERATE	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
cvssv3.1	5.3	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
cvssv3.1	3.7	https://groups.google.com/forum/#%21forum/django-announce
generic_textual	MODERATE	https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1	7.5	https://groups.google.com/forum/#!forum/django-announce
generic_textual	HIGH	https://groups.google.com/forum/#!forum/django-announce
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-41164
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-41164
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20231214-0002
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20231214-0002
cvssv3.1	5.3	https://www.djangoproject.com/weblog/2023/sep/04/security-releases
generic_textual	MODERATE	https://www.djangoproject.com/weblog/2023/sep/04/security-releases

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-41164
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
		https://docs.djangoproject.com/en/4.2/releases/security
		https://docs.djangoproject.com/en/4.2/releases/security/
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/django/django
		https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
		https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
		https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
		https://groups.google.com/forum/#%21forum/django-announce
		https://groups.google.com/forum/#!forum/django-announce
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
		https://security.netapp.com/advisory/ntap-20231214-0002
		https://security.netapp.com/advisory/ntap-20231214-0002/
		https://www.djangoproject.com/weblog/2023/sep/04/security-releases
		https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
1051226		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
2237258		https://bugzilla.redhat.com/show_bug.cgi?id=2237258
cpe:2.3:a:djangoproject:django::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django::::::::
cpe:2.3:o:fedoraproject:fedora:39:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:::::::*
CVE-2023-41164		https://nvd.nist.gov/vuln/detail/CVE-2023-41164
GHSA-7h4p-27mh-hmrw		https://github.com/advisories/GHSA-7h4p-27mh-hmrw
RHSA-2023:5208		https://access.redhat.com/errata/RHSA-2023:5208
RHSA-2023:5701		https://access.redhat.com/errata/RHSA-2023:5701
RHSA-2023:5758		https://access.redhat.com/errata/RHSA-2023:5758
RHSA-2024:1878		https://access.redhat.com/errata/RHSA-2024:1878
RHSA-2024:2010		https://access.redhat.com/errata/RHSA-2024:2010
USN-6378-1		https://usn.ubuntu.com/6378-1/
USN-6414-2		https://usn.ubuntu.com/6414-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:2010

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:15:00Z/ Found at https://access.redhat.com/errata/RHSA-2024:2010

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.2/releases/security

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41164

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41164

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20231214-0002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.djangoproject.com/weblog/2023/sep/04/security-releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.46275
EPSS Score	0.00115
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.