CVE-2021-45115

Uncontrolled Resource Consumption in pypi/Django

Identifiers

CVE-2021-45115

Package Slug

pypi/Django

Vulnerability

Uncontrolled Resource Consumption

Description

An issue was discovered in Django. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
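The cost described above can be bounded before any comparison runs. The following is an added example, not part of this advisory and not Django's patch. It assumes a `difflib`-based similarity check with a 0.7 threshold, and all function names and sample user data are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

MAX_SIMILARITY = 0.7  # assumed threshold: the validator's default max_similarity


def similarity_upper_bound(password, value):
    """Best ratio any matcher could reach: 2 * shorter length / combined length."""
    total = len(password) + len(value)
    return 2.0 * min(len(password), len(value)) / total if total else 1.0


def too_similar(password, value, max_similarity=MAX_SIMILARITY):
    """Return (similar, compared); compared is False when the length bound
    alone proves the threshold is unreachable and the comparison is skipped."""
    password, value = password.lower(), value.lower()
    if similarity_upper_bound(password, value) < max_similarity:
        return False, False
    ratio = SequenceMatcher(a=password, b=value).quick_ratio()
    return ratio >= max_similarity, True


def check_password(password, attributes, max_similarity=MAX_SIMILARITY):
    """Return (attribute names the password resembles, comparisons actually run)."""
    hits, compared = [], 0
    for name, value in attributes.items():
        # Compare against each word of the value and against the whole value.
        for part in [p for p in re.split(r"\W+", value) if p] + [value]:
            similar, ran = too_similar(password, part, max_similarity)
            compared += ran
            if similar:
                hits.append(name)
                break
    return hits, compared


if __name__ == "__main__":
    user = {"username": "alicewonder", "email": "alice@example.com"}  # constructed
    print(check_password("alicewonder1", user))   # ordinary password
    print(check_password("A" * 200_000, user))    # oversized password
```

A password that is artificially large relative to every comparison value is rejected by the length bound alone, so no similarity comparison is executed for it.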

Affected Versions

All versions starting from 2.2 before 2.2.26, all versions starting from 3.2 before 3.2.11, all versions starting from 4.0 before 4.0.1

Solution

Upgrade to versions 2.2.26, 3.2.11, 4.0.1 or above.

Last Modified

2022-01-13
