CVE-2023-36053: 
Django vulnerability analysis and mitigation

CVE-2023-36053 affects Django versions 3.2 before 3.2.20, 4.0 before 4.1.10, and 4.2 before 4.2.3. The vulnerability involves EmailValidator and URLValidator components being susceptible to a potential ReDoS (regular expression denial of service) attack when processing domain name labels in emails and URLs (Django Security, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue stems from insufficient input validation in the EmailValidator and URLValidator components when processing domain name labels, which could be exploited through specially crafted inputs containing a very large number of domain name labels (NVD).

The vulnerability can lead to denial-of-service conditions when processing email addresses or URLs with maliciously crafted domain name labels. This could affect the availability of Django applications that use these validators for input validation (Django Security).

The issue has been fixed in Django versions 3.2.20, 4.1.10, and 4.2.3. Users are strongly encouraged to upgrade to these patched versions. The fixes have been applied to Django's main branch and the respective release branches (Django Security).

The Django project classified this vulnerability with a 'moderate' severity according to their security policy. Various Linux distributions including Debian and Fedora have issued security advisories and patches for their packaged versions of Django (Debian Security, Fedora Update).