vulnerability

Alpine Linux: CVE-2023-43665: Improper Validation of Specified Quantity in Input

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	2023-11-03	2024-08-22	2024-10-02

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

2023-11-03

Added

2024-08-22

Modified

2024-10-02

Description

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

Solution

alpine-linux-upgrade-py3-django

References

CVE-2023-43665
https://attackerkb.com/topics/CVE-2023-43665
URL-https://security.alpinelinux.org/vuln/CVE-2023-43665

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today