{"id":"PYSEC-2019-14","details":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.","aliases":["CVE-2019-14235","GHSA-v9qg-3j8p-r63v"],"modified":"2023-11-08T04:01:09.464696Z","published":"2019-08-02T15:15:00Z","references":[{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"type":"WEB","url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/15"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4498"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202004-17"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v"}],"affected":[{"package":{"name":"django","ecosystem":"PyPI","purl":"pkg:pypi/django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2"},{"fixed":"2.2.4"},{"introduced":"1.11"},{"fixed":"1.11.23"},{"introduced":"2.1"},{"fixed":"2.1.11"}]}],"versions":["1.11","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.11.10","1.11.11","1.11.12","1.11.13","1.11.14","1.11.15","1.11.16","1.11.17","1.11.18","1.11.20","1.11.21","1.11.22","2.1","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.1.7","2.1.8","2.1.9","2.1.10","2.2","2.2.1","2.2.2","2.2.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2019-14.yaml"}}],"schema_version":"1.7.3"}