In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, `django.utils.encoding.uri_to_iri()` is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Django (PyPI) | 3.2 | 3.2.21 | N/A |
| Django (PyPI) | 4.1 | 4.1.11 | N/A |
| Django (PyPI) | 4.2 | 4.2.5 | N/A |