| | 74 | |
| | 75 | === slugify, normalize_username === |
| | 76 | |
| | 77 | After review, we've determined that the reported issue only affects workflows that process user input without sanitization. As documented at [0]: |
| | 78 | |
| | 79 | "Reports based on a failure to sanitize user input are not valid security vulnerabilities. It is the developer’s responsibility to properly handle user input." |
| | 80 | |
| | 81 | In this case, the behavior described relies on passing unbounded, unvalidated user input to helper functions such as `slugify` and `normalize_username`, which are not intended to operate on raw user input. Because of this, the behavior you reported is not considered a security issue within the Django project. |
| | 82 | |
| | 83 | Thanks for taking the time to submit it through the appropriate channel. |
| | 84 | |
| | 85 | Kind regards, |
| | 86 | the Django Security Team |
| | 87 | |
| | 88 | [0] https://docs.djangoproject.com/en/stable/internals/security/#user-input-must-be-sanitized |
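
Review bot: The clause on line 81 saying `slugify` and `normalize_username` "are not intended to operate on raw user input" is not backed by the reference this template cites. The passage quoted from [0] on line 79 states only the general rule that handling user input is the developer's responsibility, and does not say what these two helpers are intended for. Either add a reference to the helpers' own documentation for that claim, or drop the clause and let the conclusion rest on the quoted policy alone. Separately, "unbounded" on line 81 ties the reply to reports about input size. Because this text sits under a per-function heading and will be reused, consider marking that word as something the responder adjusts to the report. Minor: line 79 uses a curly apostrophe ("developer’s") while line 77 uses a straight one ("we've").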