UserAttributeSimilarityValidator incurred significant overhead evaluating submitted passwords that were artificially large relative to the comparison values. On the assumption that access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

References: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
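A length-based pre-check that bounds the cost described above, as an added example: it is not the upstream Django patch or code from this bug, and `ratio_upper_bound`, `too_similar` and `matcher_calls` are hypothetical names. It assumes the validator's documented default threshold of 0.7 and uses the fact that a `difflib.SequenceMatcher` ratio can never exceed 2*min(len(a), len(b)) / (len(a) + len(b)).

```python
from difflib import SequenceMatcher

MAX_SIMILARITY = 0.7  # assumption: the validator's documented default threshold


def ratio_upper_bound(len_a, len_b):
    """Largest ratio()/quick_ratio() value possible for inputs of these lengths.

    Both are 2*M/T, where T is the combined length and M (matched characters)
    can never exceed the length of the shorter input.
    """
    total = len_a + len_b
    return 1.0 if total == 0 else 2.0 * min(len_a, len_b) / total


def too_similar(password, attribute_values, max_similarity=MAX_SIMILARITY):
    """Return the first attribute value the password is too similar to, else None."""
    password = password.lower()  # lowercase once, not once per attribute
    for value in attribute_values:
        value = value.lower()
        # O(1) length check: skip the matcher when the threshold is unreachable,
        # which is always the case for a password far longer than the attribute.
        if ratio_upper_bound(len(password), len(value)) < max_similarity:
            continue
        if SequenceMatcher(a=password, b=value).quick_ratio() >= max_similarity:
            return value
    return None


def matcher_calls(password, attribute_values, max_similarity=MAX_SIMILARITY):
    """Count the comparisons that would still reach SequenceMatcher."""
    return sum(
        ratio_upper_bound(len(password), len(v)) >= max_similarity
        for v in attribute_values
    )
```

Skipping a comparison this way cannot change the validation result, because any input pair it skips could not have reached the threshold.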
Created django:1.6/python-django tracking bugs for this issue:
Affects: fedora-all [bug 2037170]

Created python-django tracking bugs for this issue:
Affects: epel-all [bug 2037171]
Affects: fedora-all [bug 2037174]
Affects: openstack-rdo [bug 2037172]
Upstream commit: https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
This issue has been addressed in the following products:
Red Hat Satellite 6.11 for RHEL 7
Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-45115