CVE-2019-14235 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-14235 Interim 1 27 2025-10-05T01:50:30Z current 2021-05-30T14:30:08Z 2025-10-05T01:50:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-14235 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-August/005830.html E-Mail link for SUSE-SU-2019:2180-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192257-1.html E-Mail link for SUSE-SU-2019:2257-1 https://lists.suse.com/pipermail/sle-security-updates/2019-September/005894.html E-Mail link for SUSE-SU-2019:2335-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ/#3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ E-Mail link for openSUSE-SU-2019:1839-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW E-Mail link for openSUSE-SU-2019:1872-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Package Hub 15 SP1 openSUSE Leap 15.1 python-Django python-Django-1.11.23-3.12.1 python-Django-1.8.19-3.15.1 python-Django1-1.11.23-3.9.1 python3-Django-2.2.4-bp151.3.3.1 python3-Django-2.2.4-lp151.2.3.1 python-Django-1.11.23-3.12.1 as a component of HPE Helion OpenStack 8 python-Django-1.8.19-3.15.1 as a component of SUSE OpenStack Cloud 7 python-Django-1.11.23-3.12.1 as a component of SUSE OpenStack Cloud 8 python-Django1-1.11.23-3.9.1 as a component of SUSE OpenStack Cloud 9 python-Django-1.11.23-3.12.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-Django1-1.11.23-3.9.1 as a component of SUSE OpenStack Cloud Crowbar 9 python3-Django-2.2.4-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1 python3-Django-2.2.4-lp151.2.3.1 as a component of openSUSE Leap 15.1 python-Django as a component of SUSE Enterprise Storage 4 python-Django as a component of SUSE Enterprise Storage 5 python-Django as a component of SUSE OpenStack Cloud 6-LTSS An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. CVE-2019-14235 HPE Helion OpenStack 8:python-Django-1.11.23-3.12.1 SUSE OpenStack Cloud 7:python-Django-1.8.19-3.15.1 SUSE OpenStack Cloud 8:python-Django-1.11.23-3.12.1 SUSE OpenStack Cloud 9:python-Django1-1.11.23-3.9.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.23-3.12.1 SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.23-3.9.1 SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1 openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1 SUSE Enterprise Storage 4:python-Django SUSE Enterprise Storage 5:python-Django SUSE OpenStack Cloud 6-LTSS:python-Django moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L