[Django] #36868: Bugs is normalize() function
3 views
Skip to first unread message
Django
11:52 AM (2 hours ago) 11:52 AM
to django-...@googlegroups.com
#36868: Bugs is normalize() function
----------------------------+-----------------------------------------
Reporter: hhellbentt | Type: Uncategorized
Status: new | Component: Forms
Version: 6.0 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
Hello, I am engaged in fuzzing testing and have found two bugs in your
project (possibly vulnerabilities, but when reproduced, the project does
not crash, which means they are simply bugs).
The normalize function from
https://github.com/django/django/blob/main/django/utils/regex_helper.py
Crashes when receiving the following data in two cases:
1) curl -X POST http://127.0.0.1:8000/regex/ --data-binary
$'pattern=\\\266\367 (two backslashes break the logic)
2) when receiving unpaired opening and closing tags, the pop() array
method attempts to remove something that does not exist from an empty
array.
I think this is potentially a vector for a DOS attack. I hope you will fix
this as soon as possible.
Translated with DeepL.com (free version)
--
Ticket URL: <https://code.djangoproject.com/ticket/36868>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
----------------------------+-----------------------------------------
Reporter: hhellbentt | Type: Uncategorized
Status: new | Component: Forms
Version: 6.0 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
Hello, I am engaged in fuzzing testing and have found two bugs in your
project (possibly vulnerabilities, but when reproduced, the project does
not crash, which means they are simply bugs).
The normalize function from
https://github.com/django/django/blob/main/django/utils/regex_helper.py
Crashes when receiving the following data in two cases:
1) curl -X POST http://127.0.0.1:8000/regex/ --data-binary
$'pattern=\\\266\367 (two backslashes break the logic)
2) when receiving unpaired opening and closing tags, the pop() array
method attempts to remove something that does not exist from an empty
array.
I think this is potentially a vector for a DOS attack. I hope you will fix
this as soon as possible.
Translated with DeepL.com (free version)
--
Ticket URL: <https://code.djangoproject.com/ticket/36868>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
11:52 AM (2 hours ago) 11:52 AM
to django-...@googlegroups.com
#36868: Bugs is normalize() function
-------------------------------+--------------------------------------
Reporter: hhellbentt | Owner: (none)
Type: Uncategorized | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Component: Forms | Version: 6.0
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by hhellbentt):
* Attachment "photo_2026-01-15_19-51-44.jpg" added.
Django
11:54 AM (2 hours ago) 11:54 AM
to django-...@googlegroups.com
#36868: Bugs is normalize() function
-------------------------------+--------------------------------------
Reporter: hhellbentt | Owner: (none)
Type: Uncategorized | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by hhellbentt):
* Attachment "{21C0D829-3A4C-4F29-A562-B5CB4F812ADB}.png" added.
-------------------------------+--------------------------------------
Reporter: hhellbentt | Owner: (none)
Type: Uncategorized | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by hhellbentt):
Django
11:54 AM (2 hours ago) 11:54 AM
to django-...@googlegroups.com
#36868: Bugs is normalize() function
-------------------------------+--------------------------------------
Reporter: hhellbentt | Owner: (none)
Type: Uncategorized | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by hhellbentt):
* Attachment "1.png" added.
-------------------------------+--------------------------------------
Reporter: hhellbentt | Owner: (none)
Type: Uncategorized | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by hhellbentt):
Reply all
Reply to author
Forward
0 new messages