CVE-2022-41323 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-41323 Interim 1 13 2026-03-05T04:36:48Z current 2022-10-13T13:32:09Z 2026-03-05T04:36:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-41323 In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UHF5IZKTZ2T4T4QQYZMUFHW422X3WCU6/ E-Mail link for openSUSE-SU-2023:0005-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CABDUNI2HFYPJSJ3K3TKRUVRPNJMBQXY/ E-Mail link for openSUSE-SU-2023:0057-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XIBAQZUQ2RHKRUEWEHTVUYM66J3IOWLL/ E-Mail link for openSUSE-SU-2023:0178-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed python-Django python-Django1 python3-Django-2.2.28-bp153.2.3.1 python3-Django-2.2.28-bp154.2.6.1 python310-Django-4.1.2-1.1 python310-Django4-4.2.14-1.1 python311-Django-5.1.5-1.1 python311-Django4-4.2.14-1.1 python312-Django-5.1.5-1.1 python312-Django4-4.2.14-1.1 python312-Django6-6.0-1.1 python313-Django-5.1.5-1.1 python313-Django6-6.0-1.1 python38-Django-4.1.2-1.1 python39-Django-4.1.2-1.1 python3-Django-2.2.28-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 python3-Django-2.2.28-bp154.2.6.1 as a component of SUSE Package Hub 15 SP4 python3-Django-2.2.28-bp153.2.3.1 as a component of openSUSE Leap 15.3 python3-Django-2.2.28-bp154.2.6.1 as a component of openSUSE Leap 15.4 python310-Django-4.1.2-1.1 as a component of openSUSE Tumbleweed python310-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python311-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python311-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python312-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python313-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python313-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python38-Django-4.1.2-1.1 as a component of openSUSE Tumbleweed python39-Django-4.1.2-1.1 as a component of openSUSE Tumbleweed python-Django as a component of HPE Helion OpenStack 8 python-Django as a component of SUSE OpenStack Cloud 8 python-Django1 as a component of SUSE OpenStack Cloud 9 python-Django as a component of SUSE OpenStack Cloud Crowbar 8 python-Django1 as a component of SUSE OpenStack Cloud Crowbar 9 In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE-2022-41323 SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1 SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.6.1 openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1 openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.6.1 openSUSE Tumbleweed:python310-Django-4.1.2-1.1 openSUSE Tumbleweed:python310-Django4-4.2.14-1.1 openSUSE Tumbleweed:python311-Django-5.1.5-1.1 openSUSE Tumbleweed:python311-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django-5.1.5-1.1 openSUSE Tumbleweed:python312-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django6-6.0-1.1 openSUSE Tumbleweed:python313-Django-5.1.5-1.1 openSUSE Tumbleweed:python313-Django6-6.0-1.1 openSUSE Tumbleweed:python38-Django-4.1.2-1.1 openSUSE Tumbleweed:python39-Django-4.1.2-1.1 HPE Helion OpenStack 8:python-Django SUSE OpenStack Cloud 8:python-Django SUSE OpenStack Cloud 9:python-Django1 SUSE OpenStack Cloud Crowbar 8:python-Django SUSE OpenStack Cloud Crowbar 9:python-Django1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H