Launchpad.net

CVE 2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Related bugs and status

CVE-2023-36053 (Candidate) is related to these bugs:

Bug #2022089: Update Django to version 4.2 for mantic

		In	Importance	Status
2022089	Update Django to version 4.2 for mantic	python-django (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	hyperkitty (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	hyperkitty (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-mailman3 (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-mailman3 (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-assets (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-assets (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-menu-generator-ng (Ubuntu)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	django-menu-generator-ng (Ubuntu Mantic)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	python-django-modelcluster (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-modelcluster (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-ara (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-ara (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-dbbackup (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-dbbackup (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-compressor (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-compressor (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cte (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cte (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-oauth-toolkit (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-oauth-toolkit (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-tables (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-tables (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	djangorestframework-filters (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	djangorestframework-filters (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	factory-boy (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	factory-boy (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	lava (Ubuntu Mantic)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	postorius (Ubuntu Mantic)	Undecided	Invalid
2022089	Update Django to version 4.2 for mantic	python-django-celery-results (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-celery-results (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-crispy-forms (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-crispy-forms (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-tagging (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-tagging (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cachalot (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cachalot (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	psycopg3 (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	psycopg3 (Ubuntu Mantic)	Undecided	Fix Released

Bug #2025155: SRU: Fix URLValidator crash in some edge cases

Summary				In	Importance	Status
	2025155	SRU: Fix URLValidator crash in some edge cases		python-django (Ubuntu)	Undecided	Fix Released
	2025155	SRU: Fix URLValidator crash in some edge cases		python-django (Ubuntu Lunar)	Undecided	Fix Released

Bug #2030472: [Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs

Summary				In	Importance	Status
	2030472	[Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-36053

Related bugs and status

Related bugs

References