CVE-2023-36053 Information

Description

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Reference

https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
https://docs.djangoproject.com/en/4.2/releases/security/
https://groups.google.com/forum/#!forum/django-announce
