{"id":"CVE-2019-14235","details":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.","aliases":["GHSA-v9qg-3j8p-r63v","PYSEC-2019-14"],"modified":"2026-04-10T04:15:40.536401Z","published":"2019-08-02T15:15:12.023Z","related":["SUSE-SU-2019:2180-1","SUSE-SU-2019:2257-1","SUSE-SU-2019:2335-1","openSUSE-SU-2019:1839-1","openSUSE-SU-2019:1872-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/15"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4498"},{"type":"ADVISORY","url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202004-17"},{"type":"FIX","url":"https://docs.djangoproject.com/en/dev/releases/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/django/django","events":[{"introduced":"c669cf279ae7b3e02a61db4fb077030a4db80e4f"},{"fixed":"974897759e9afc4cc56fb87e12319fa9697e93c9"},{"introduced":"df591468251ed489a3e147d7c359f387f4effe66"},{"fixed":"ff9dcc0867eba90e9ab1b07a4b3eb79928717918"},{"introduced":"2a62cdcfec85938f40abb2e9e6a9ff497e02afe8"},{"fixed":"8687fbe034ac5eec20e0948b98eb8a2f0b1431a1"}],"database_specific":{"versions":[{"introduced":"1.11"},{"fixed":"1.11.23"},{"introduced":"2.1"},{"fixed":"2.1.11"},{"introduced":"2.2"},{"fixed":"2.2.4"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14235.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}