Opened 2 hours ago
#36868 new Uncategorized
Bugs is normalize() function
| Reported by: | hhellbentt | Owned by: | |
|---|---|---|---|
| Component: | Forms | Version: | 6.0 |
| Severity: | Normal | Keywords: | |
| Cc: | hhellbentt | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Hello, I am engaged in fuzzing testing and have found two bugs in your project (possibly vulnerabilities, but when reproduced, the project does not crash, which means they are simply bugs).
The normalize function from https://github.com/django/django/blob/main/django/utils/regex_helper.py
Crashes when receiving the following data in two cases:
1) curl -X POST http://127.0.0.1:8000/regex/ --data-binary $'pattern=
\266\367 (two backslashes break the logic)
2) when receiving unpaired opening and closing tags, the pop() array method attempts to remove something that does not exist from an empty array.
I think this is potentially a vector for a DOS attack. I hope you will fix this as soon as possible.
Translated with DeepL.com (free version)
Attachments (3)
Change History (3)
by , 2 hours ago
| Attachment: | photo_2026-01-15_19-51-44.jpg added |
|---|
by , 2 hours ago
| Attachment: | {21C0D829-3A4C-4F29-A562-B5CB4F812ADB}.png added |
|---|