CVE-2021-45115
pypi/Django
Uncontrolled Resource Consumption
An issue was discovered in Django. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
All versions starting from 2.2 before 2.2.26, all versions starting from 3.2 before 3.2.11, all versions starting from 4.0 before 4.0.1
Upgrade to versions 2.2.26, 3.2.11, 4.0.1 or above.
2022-01-13
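An added example, not part of the advisory or of Django's code: a standard-library Python check that flags exact Django pins in requirements-style text when they fall inside the affected ranges listed above. The sample input, function names and status labels are assumptions made for illustration; pre-release versions and specifiers other than an exact == pin are reported as unpinned rather than evaluated.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed) releases.
AFFECTED = [((2, 2, 0), (2, 2, 26)), ((3, 2, 0), (3, 2, 11)), ((4, 0, 0), (4, 0, 1))]

# The Django distribution itself, not django-filter or djangorestframework.
NAME = re.compile(r"^django(?![\w.-])", re.IGNORECASE)
PIN = re.compile(r"^django(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)$", re.IGNORECASE)

# Constructed sample input, not taken from a real project.
SAMPLE = """\
Django==3.2.10          # inside the 3.2 range
djangorestframework==3.13.1
django>=2.2             # range specifier, not an exact pin
"""


def release_tuple(version):
    """'4.0' -> (4, 0, 0): numeric release padded to three components."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def fixed_version_for(version):
    """Return the fixed release for an affected version, else None."""
    rel = release_tuple(version)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= rel < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def audit_requirements(text):
    """Return (line_no, status, detail) for each Django requirement line."""
    # status: 'affected' (detail = fixed release), 'not_listed' (outside the
    # advisory's ranges) or 'unpinned' (no exact == pin to evaluate).
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not NAME.match(line):
            continue
        pin = PIN.match(line)
        if pin is None:
            findings.append((line_no, "unpinned", line))
        elif (fixed := fixed_version_for(pin.group(1))) is not None:
            findings.append((line_no, "affected", fixed))
        else:
            findings.append((line_no, "not_listed", pin.group(1)))
    return findings
```

A 'not_listed' result only means the version is outside the ranges this advisory names; an 'unpinned' line needs the resolved version from the installed environment or a lock file.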