fecgov/fec-eregs

[Snyk:High] Django Regular Expression Denial of Service (ReDoS)(due by 08/17/2023)

pkfec opened this issue · 1 comments

pkfec commented

Overview

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

https://app.snyk.io/org/fecgov/project/5e01de94-91bc-43d8-90b1-8843384b4b26#issue-SNYK-PYTHON-DJANGO-5750790

Detailed path:

django@3.2.19, django-haystack@3.1.1 and others

Completion criteria:

  • Pin django to version 3.2.20 or 4.1.10 or 4.2.3
  • parser functionality works
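Added example, not part of this issue or the project's own code: a small Python check that a Django version string, or a `django==` pin in a requirements file, is at or above the fixed versions listed above (3.2.20, 4.1.10, 4.2.3). The sample requirements text is constructed for illustration.

```python
"""Check Django versions against the fixed releases named in this issue."""
import re
from typing import Dict, Optional, Tuple

# Fixed versions from the issue, keyed by release series (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (3, 2): (3, 2, 20),
    (4, 1): (4, 1, 10),
    (4, 2): (4, 2, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'X.Y' or 'X.Y.Z' into a comparable tuple; trailing suffixes are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(version: str) -> Optional[bool]:
    """True if the version is at or above the fix for its series, False if below,
    None if the series is not one the advisory lists (e.g. 4.0.x)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed


def check_requirements(text: str) -> Dict[str, Optional[bool]]:
    """Scan requirements.txt-style lines for django pins and report whether each
    exact '==' pin is patched. Loose specifiers (>=, ~=, bare 'django') map to
    None because they cannot guarantee a patched release."""
    results: Dict[str, Optional[bool]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        exact = re.match(r"^django\s*==\s*([\w.]+)$", line, re.IGNORECASE)
        if exact:
            results[line] = is_patched(exact.group(1))
        elif re.match(r"^django(\s*[<>=!~]|$)", line, re.IGNORECASE):
            results[line] = None
    return results


# Constructed sample; not the project's real requirements file.
SAMPLE_REQUIREMENTS = """\
# constructed sample
Django==3.2.19
django-haystack==3.1.1
"""
```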

pkfec commented

PR #776 merged. Hence closing this issue.