[Snyk - Medium] Allocation of Resources vulnerability in Django 5.2.11 (due 5/10/26) #1923

@exalate-issue-sync

Description

Detailed paths and remediation

…and 6 more

Security information

Factors contributing to the scoring:

  • Snyk: CVSS v4.0 6.3 - Medium Severity | CVSS v3.1 3.7 - Low Severity
  • NVD: Not available. NVD has not yet published its analysis.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the URLField.to_python() function when processing URLs containing certain Unicode characters on Windows systems. An attacker can cause excessive resource consumption and application unresponsiveness by submitting large URL inputs crafted with these characters.

QA Notes

null

DEV Notes

null

Design

null

See full ticket and images here: FECFILE-2938
