Source: https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25

[4.1.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted a… · django/django@9d656ea · GitHub

5 files changed: +23 −3 lines changed

@@ -346,7 +346,7 @@ def __init__(self, prefix_default_language=True):

346 346

@property

347 347

def regex(self):

348 348

# This is only used by reverse() and cached in _reverse_dict.

349 -

return re.compile(self.language_prefix)

349 +

return re.compile(re.escape(self.language_prefix))

350 350 351 351

@property

352 352

def language_prefix(self):
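Review bot: the `re.escape()` wrap is the right fix, but the comment above `regex()` should also state why escaping is required here, since `language_prefix` is derived from the active locale (see the test in this commit, which sets it to `"e("` via `translation.override`) rather than from a URLconf pattern, so an unescaped value is compiled as a regular expression and raises `re.error` on `reverse()`. Something like `# language_prefix comes from the active locale, so escape it before compiling.` would make the security intent visible to the next person touching this property.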


@@ -6,4 +6,8 @@ Django 3.2.16 release notes

6 6 7 7

Django 3.2.16 fixes a security issue with severity "medium" in 3.2.15.

8 8 9 -

...

9 +

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

10 +

===================================================================================

11 + 12 +

Internationalized URLs were subject to potential denial of service attack via

13 +

the locale parameter.
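Review bot: the description "potential denial of service attack via the locale parameter" names the input but not the failure mode; release-note readers triaging this would benefit from one more sentence saying that, when reversing internationalized URLs, the locale value was compiled as a regular expression and a crafted value caused an unhandled `re.error`, which is the behaviour the `regex()` change and the new test in this commit address.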


@@ -6,4 +6,8 @@ Django 4.0.8 release notes

6 6 7 7

Django 4.0.8 fixes a security issue with severity "medium" in 4.0.7.

8 8 9 -

...

9 +

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

10 +

===================================================================================

11 + 12 +

Internationalized URLs were subject to potential denial of service attack via

13 +

the locale parameter.
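Review bot: minor wording in the added sentence, which is duplicated verbatim in the 3.2.16 and 4.1.2 notes: "subject to potential denial of service attack" should read "subject to a potential denial-of-service attack", matching the hyphenation used in the section heading directly above it; if it is corrected, correct it in all three notes.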


@@ -7,6 +7,12 @@ Django 4.1.2 release notes

7 7

Django 4.1.2 fixes a security issue with severity "medium" and several bugs in

8 8

4.1.1.

9 9 10 +

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

11 +

===================================================================================

12 + 13 +

Internationalized URLs were subject to potential denial of service attack via

14 +

the locale parameter.

15 + 10 16

Bugfixes

11 17

========

12 18 Original file line number Diff line number Diff line change

@@ -215,6 +215,12 @@ def test_reverse_translated_with_captured_kwargs(self):

215 215

expected_link,

216 216

)

217 217 218 +

def test_locale_not_interepreted_as_regex(self):

219 +

with translation.override("e("):

220 +

# Would previously error:

221 +

# re.error: missing ), unterminated subpattern at position 1

222 +

reverse("users")

223 + 218 224 219 225

class URLNamespaceTests(URLTestCaseBase):

220 226

"""
