Resource Exhaustion in python-django | CVE-2021-45115

Threat Intelligence

0.42% (62^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RHEL10-PYTHONDJANGO-9843174
published28 Apr 2025
disclosed1 Jan 2021

Report a new vulnerability Found a mistake?

Introduced: 1 Jan 2021

CVE-2021-45115 (opens in a new tab) CWE-400 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-django package and not the python-django package as distributed by RHEL.

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

Resource Exhaustion The advisory has been revoked - it doesn't affect any version of package python-django (opens in a new tab)