logo

Database

Asymmetric denial of service In django

Description

Django Potential Denial of Service (DoS) on Windows An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-275562. NVD-2025-275563. OSV-2025-275564. GCVE-2025-27556

References

1. https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd2. https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc48213. https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f14. https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f85. https://docs.djangoproject.com/en/dev/releases/security6. https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml7. https://groups.google.com/g/django-announce8. https://www.djangoproject.com/weblog/2025/apr/02/security-releases9. http://www.openwall.com/lists/oss-security/2025/04/02/2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.