id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36868	Bugs is normalize() function	hhellbentt		"Hello, I am engaged in fuzzing testing and have found two bugs in your project (possibly vulnerabilities, but when reproduced, the project does not crash, which means they are simply bugs).

The normalize function from https://github.com/django/django/blob/main/django/utils/regex_helper.py

Crashes when receiving the following data in two cases:
1) curl -X POST http://127.0.0.1:8000/regex/   --data-binary $'pattern=\\\266\367 (two backslashes break the logic)
2) when receiving unpaired opening and closing tags, the pop() array method attempts to remove something that does not exist from an empty array.

I think this is potentially a vector for a DOS attack. I hope you will fix this as soon as possible.

Translated with DeepL.com (free version)"	Bug	closed	Core (URLs)	6.0	Normal	invalid		hhellbentt	Unreviewed	0	0	0	0	0	0