
Showing content from https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1 below:

[4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted a… · django/django@23f0093 · GitHub

4 files changed: +17 -3 lines changed

Original file line number Diff line number Diff line change

@@ -338,7 +338,7 @@ def __init__(self, prefix_default_language=True):

338 338

@property

339 339

def regex(self):

340 340

# This is only used by reverse() and cached in _reverse_dict.

341 -

return re.compile(self.language_prefix)

341 +

return re.compile(re.escape(self.language_prefix))

342 342 343 343

@property

344 344

def language_prefix(self):
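
Review bot: The added line 341, `return re.compile(re.escape(self.language_prefix))`, carries no explanation of why the escape is needed; the comment above it only says the pattern is used by reverse() and cached in _reverse_dict. As the new test in this commit shows, the prefix follows the active language, so a value such as "e(" reaches re.compile. Extend the comment to say the prefix must be compiled as a literal string, so that a later cleanup does not remove `re.escape` as redundant.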

Original file line number Diff line number Diff line change

@@ -6,4 +6,8 @@ Django 3.2.16 release notes

6 6 7 7

Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15.

8 8 9 -

...

9 +

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

10 +

===================================================================================

11 + 12 +

Internationalized URLs were subject to potential denial of service attack via

13 +

the locale parameter.
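
Review bot: The added sentence at lines 12-13 reads "subject to potential denial of service attack", which is missing an article and does not match the hyphenation used in the heading two lines above. Suggest "Internationalized URLs were subject to a potential denial-of-service attack via the locale parameter."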

Original file line number Diff line number Diff line change

@@ -6,4 +6,8 @@ Django 4.0.8 release notes

6 6 7 7

Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7.

8 8 9 -

...

9 +

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

10 +

===================================================================================

11 + 12 +

Internationalized URLs were subject to potential denial of service attack via

13 +

the locale parameter.
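
Review bot: The entry added at lines 9-13 names the vector ("via the locale parameter") but not the remedy, so a reader of the 4.0.8 notes cannot tell what changed in behaviour. Add one sentence saying the language prefix is now escaped before it is compiled into the pattern used by reverse(), which is what the code change in this commit does.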

Original file line number Diff line number Diff line change

@@ -198,6 +198,12 @@ def test_translate_url_utility(self):

198 198

self.assertEqual(translate_url("/nl/gebruikers/", "en"), "/en/users/")

199 199

self.assertEqual(translation.get_language(), "nl")

200 200 201 +

def test_locale_not_interepreted_as_regex(self):

202 +

with translation.override("e("):

203 +

# Would previously error:

204 +

# re.error: missing ), unterminated subpattern at position 1

205 +

reverse("users")

206 + 201 207 202 208

class URLNamespaceTests(URLTestCaseBase):

203 209

"""
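
Review bot: The new test at lines 201-205 is named `test_locale_not_interepreted_as_regex`, with "interepreted" misspelled, and it only calls `reverse("users")` without checking the result. Rename it to `test_locale_not_interpreted_as_regex` and wrap the call in an `assertEqual` on the returned URL, so the test also fails if the locale is mangled rather than only if re.error is raised.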
