Question 1

What is CVE-2023-23969 — CVE-2023-23969?

Accepted Answer

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Question 2

What is the authoritative source for CVE-2023-23969?

Accepted Answer

CVE-2023-23969 (CVE-2023-23969) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.5 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS	47.10% probability of exploitation · percentile 98.7% · 2026-06-18T12:00:27Z
Last modified	2026-06-17

CVE-2023-23969CVE-2023-23969

Description

Scoring