Python/django/3.2.13

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

https://pypi.org/project/django
BSD-3-Clause AND BSD

9 Security Vulnerabilities

Django Denial of service vulnerability in django.utils.encoding.uri_to_iri

Published date: 2023-11-03T06:36:29Z
CVE: CVE-2023-41164
Links:

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uritoiri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Affected versions: ["4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.1.6", "4.1.7", "4.1.8", "4.1.9", "4.1.10", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "3.2.20"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django Denial-of-service in django.utils.text.Truncator

Published date: 2023-11-03T06:36:30Z
CVE: CVE-2023-43665
Links:

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatecharshtml and truncatewordshtml template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

Affected versions: ["4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.1.6", "4.1.7", "4.1.8", "4.1.9", "4.1.10", "4.1.11", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "3.2.20", "3.2.21"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

Published date: 2023-07-03T15:30:45Z
CVE: CVE-2023-36053
Links:

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Affected versions: ["3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.1a1", "4.0.5", "4.1b1", "4.0.6", "4.1rc1", "4.0.7", "4.1", "4.1.1", "4.0.8", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.0.9", "4.1.6", "4.0.10", "4.1.7", "4.1.8", "4.1.9", "4.2", "4.2.1", "4.2.2"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection

Published date: 2022-07-05T00:00:53Z
CVE: CVE-2022-34265
Links:

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Affected versions: ["4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django contains Uncontrolled Resource Consumption via cached header

Published date: 2023-02-01T21:30:23Z
CVE: CVE-2023-23969
Links:

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Affected versions: ["4.0b1", "4.0rc1", "4.1a1", "4.1b1", "4.1rc1", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.0a1", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "3.0b1", "3.0rc1", "3.1b1", "3.1rc1", "3.2", "3.2a1", "3.2b1", "3.2rc1", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django potential denial of service vulnerability in UsernameField on Windows

Published date: 2023-11-02T06:30:25Z
CVE: CVE-2023-46695
Links:

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Affected versions: ["4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.1.6", "4.1.7", "4.1.8", "4.1.9", "4.1.10", "4.1.11", "4.1.12", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "3.2.20", "3.2.21", "3.2.22"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django denial-of-service vulnerability in internationalized URLs

Published date: 2022-10-16T12:00:23Z
CVE: CVE-2022-41323
Links:

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

Affected versions: ["4.1", "4.1.1", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Regular expression denial-of-service in Django

Published date: 2024-03-15T21:30:43Z
CVE: CVE-2024-27351
Links:

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

Affected versions: ["5.0", "5.0.1", "5.0.2", "4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9", "4.2.10", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "3.2.20", "3.2.21", "3.2.22", "3.2.23", "3.2.24"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

Django denial-of-service attack in the intcomma template filter

Published date: 2024-02-07T00:30:25Z
CVE: CVE-2024-24680
Links:

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Affected versions: ["5.0", "5.0.1", "4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.10", "1.10.1", "1.10.2", "1.10.3", "1.10.4", "1.10.5", "1.10.6", "1.10.7", "1.10.8", "1.10a1", "1.10b1", "1.10rc1", "1.11", "1.11.1", "1.11.10", "1.11.11", "1.11.12", "1.11.13", "1.11.14", "1.11.15", "1.11.16", "1.11.17", "1.11.18", "1.11.2", "1.11.20", "1.11.21", "1.11.22", "1.11.23", "1.11.24", "1.11.25", "1.11.26", "1.11.27", "1.11.28", "1.11.29", "1.11.3", "1.11.4", "1.11.5", "1.11.6", "1.11.7", "1.11.8", "1.11.9", "1.11a1", "1.11b1", "1.11rc1", "1.2", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.3", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.4", "1.4.1", "1.4.10", "1.4.11", "1.4.12", "1.4.13", "1.4.14", "1.4.15", "1.4.16", "1.4.17", "1.4.18", "1.4.19", "1.4.2", "1.4.20", "1.4.21", "1.4.22", "1.4.3", "1.4.4", "1.4.5", "1.4.6", "1.4.7", "1.4.8", "1.4.9", "1.5", "1.5.1", "1.5.10", "1.5.11", "1.5.12", "1.5.2", "1.5.3", "1.5.4", "1.5.5", "1.5.6", "1.5.7", "1.5.8", "1.5.9", "1.6", "1.6.1", "1.6.10", "1.6.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.7", "1.7.1", "1.7.10", "1.7.11", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8", "1.8.1", "1.8.10", "1.8.11", "1.8.12", "1.8.13", "1.8.14", "1.8.15", "1.8.16", "1.8.17", "1.8.18", "1.8.19", "1.8.2", "1.8.3", "1.8.4", "1.8.5", "1.8.6", "1.8.7", "1.8.8", "1.8.9", "1.8a1", "1.8b1", "1.8b2", "1.8c1", "1.9", "1.9.1", "1.9.10", "1.9.11", "1.9.12", "1.9.13", "1.9.2", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.9a1", "1.9b1", "1.9rc1", "1.9rc2", "2.0", "2.0.1", "2.0.10", "2.0.12", "2.0.13", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.0.8", "2.0.9", "2.0a1", "2.0b1", "2.0rc1", "2.1", "2.1.1", "2.1.10", "2.1.11", "2.1.12", "2.1.13", "2.1.14", "2.1.15", "2.1.2", "2.1.3", "2.1.4", "2.1.5", "2.1.7", "2.1.8", "2.1.9", "2.1a1", "2.1b1", "2.1rc1", "2.2", "2.2.1", "2.2.10", "2.2.11", "2.2.12", "2.2.13", "2.2.14", "2.2.15", "2.2.16", "2.2.17", "2.2.18", "2.2.19", "2.2.2", "2.2.20", "2.2.3", "2.2.4", "2.2.5", "2.2.6", "2.2.7", "2.2.8", "2.2.9", "2.2a1", "2.2b1", "2.2rc1", "3.0", "3.0.1", "3.0.10", "3.0.11", "3.0.12", "3.0.13", "3.0.14", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8", "3.0.9", "3.0a1", "3.0b1", "3.0rc1", "3.1", "3.1.1", "3.1.2", "3.1.3", "3.1.4", "3.1.5", "3.1.6", "3.1.7", "3.1.8", "3.1a1", "3.1b1", "3.1rc1", "3.2", "3.2a1", "3.2b1", "3.2rc1", "2.2.21", "3.1.9", "3.2.1", "2.2.22", "3.1.10", "3.2.2", "2.2.23", "3.1.11", "3.2.3", "2.2.24", "3.1.12", "3.2.4", "3.1.13", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "2.2.25", "3.1.14", "3.2.10", "2.2.26", "3.2.11", "2.2.27", "3.2.12", "2.2.28", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "3.2.20", "3.2.21", "3.2.22", "3.2.23"]
Secure versions: [4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6]
Recommendation: Update to version 5.0.6.

360 Other Versions

Version License Security Released
1.9.10 BSD 10 2016-09-26 - 18:32 over 7 years
1.9.9 BSD 11 2016-08-01 - 18:10 almost 8 years
1.9.8 BSD 11 2016-07-18 - 18:19 almost 8 years
1.9.7 BSD 12 2016-06-04 - 23:43 almost 8 years
1.9.6 BSD 12 2016-05-02 - 22:33 about 8 years
1.9.5 BSD 12 2016-04-01 - 17:47 about 8 years
1.9.4 BSD 12 2016-03-05 - 14:31 about 8 years
1.9.3 BSD 12 2016-03-01 - 17:00 about 8 years
1.9.2 BSD 14 2016-02-01 - 17:17 over 8 years
1.9.1 BSD 15 2016-01-02 - 13:50 over 8 years
1.9 BSD 15 2015-12-01 - 23:55 over 8 years
1.8.19 BSD 6 2018-03-06 - 14:22 about 6 years
1.8.18 BSD 8 2017-04-04 - 14:07 about 7 years
1.8.17 BSD 10 2016-12-01 - 23:03 over 7 years
1.8.16 BSD 10 2016-11-01 - 14:09 over 7 years
1.8.15 BSD 12 2016-09-26 - 18:30 over 7 years
1.8.14 BSD 13 2016-07-18 - 18:38 almost 8 years
1.8.13 BSD 14 2016-05-02 - 22:49 about 8 years
1.8.12 BSD 14 2016-04-01 - 17:54 about 8 years
1.8.11 BSD 14 2016-03-05 - 18:36 about 8 years
1.8.10 BSD 14 2016-03-01 - 17:10 about 8 years
1.8.9 BSD 16 2016-02-01 - 17:24 over 8 years
1.8.8 BSD 16 2016-01-02 - 14:28 over 8 years
1.8.7 BSD 16 2015-11-24 - 17:28 over 8 years
1.8.6 BSD 17 2015-11-04 - 17:03 over 8 years
1.8.5 BSD 17 2015-10-04 - 00:06 over 8 years
1.8.4 BSD 17 2015-08-18 - 17:06 over 8 years
1.8.3 BSD 18 2015-07-08 - 19:43 almost 9 years
1.8.2 BSD 21 2015-05-20 - 18:02 almost 9 years
1.8.1 BSD 21 2015-05-01 - 20:36 about 9 years
1.8 BSD 21 2015-04-01 - 20:12 about 9 years
1.7.11 BSD 10 2015-11-24 - 17:19 over 8 years
1.7.10 BSD 11 2015-08-18 - 17:15 over 8 years
1.7.9 BSD 12 2015-07-08 - 21:33 almost 9 years
1.7.8 BSD 14 2015-05-01 - 20:42 about 9 years
1.7.7 BSD 14 2015-03-18 - 23:49 about 9 years
1.7.6 BSD 14 2015-03-09 - 15:30 about 9 years
1.7.5 BSD 15 2015-02-25 - 13:58 about 9 years
1.7.4 BSD 15 2015-01-27 - 17:22 over 9 years
1.7.3 BSD 15 2015-01-13 - 18:39 over 9 years
1.7.2 BSD 18 2015-01-03 - 01:37 over 9 years
1.7.1 BSD 18 2014-10-22 - 16:56 over 9 years
1.7 BSD 18 2014-09-02 - 21:09 over 9 years
1.6.11 BSD 13 2015-03-18 - 23:57 about 9 years
1.6.10 BSD 13 2015-01-13 - 18:48 over 9 years
1.6.9 BSD 16 2015-01-03 - 01:52 over 9 years
1.6.8 BSD 16 2014-10-22 - 16:50 over 9 years
1.6.7 BSD 16 2014-09-02 - 20:55 over 9 years
1.6.6 BSD 16 2014-08-20 - 20:17 over 9 years
1.6.5 BSD 19 2014-05-14 - 18:33 almost 10 years
1.6.4 BSD 21 2014-04-28 - 20:40 about 10 years
1.6.3 BSD 21 2014-04-21 - 23:12 about 10 years
1.6.2 BSD 23 2014-02-06 - 21:51 about 10 years
1.6.1 BSD 23 2013-12-12 - 20:04 over 10 years
1.6 BSD 23 2013-11-06 - 15:01 over 10 years
1.5.12 BSD 13 2015-01-03 - 02:09 over 9 years
1.5.11 BSD 13 2014-10-22 - 16:45 over 9 years
1.5.10 BSD 13 2014-09-02 - 20:51 over 9 years
1.5.9 BSD 13 2014-08-20 - 20:10 over 9 years
1.5.8 BSD 16 2014-05-14 - 18:35 almost 10 years
1.5.7 BSD 18 2014-04-28 - 20:35 about 10 years
1.5.6 BSD 18 2014-04-21 - 22:53 about 10 years
1.5.5 BSD 20 2013-10-25 - 04:32 over 10 years
1.5.4 BSD 20 2013-09-15 - 06:30 over 10 years
1.5.3 BSD 21 2013-09-11 - 01:26 over 10 years
1.5.2 BSD 22 2013-08-13 - 16:54 over 10 years
1.5.1 BSD 24 2013-03-28 - 20:57 about 11 years
1.5 BSD 24 2013-02-26 - 19:30 about 11 years
1.4.22 BSD 11 2015-08-18 - 17:22 over 8 years
1.4.21 BSD 12 2015-07-08 - 19:56 almost 9 years
1.4.20 BSD 14 2015-03-19 - 00:03 about 9 years
1.4.19 BSD 14 2015-01-27 - 17:11 over 9 years
1.4.18 BSD 14 2015-01-13 - 18:54 over 9 years
1.4.17 BSD 17 2015-01-03 - 02:20 over 9 years
1.4.16 BSD 17 2014-10-22 - 16:37 over 9 years
1.4.15 BSD 17 2014-09-02 - 20:44 over 9 years
1.4.14 BSD 17 2014-08-20 - 20:01 over 9 years
1.4.13 BSD 20 2014-05-14 - 18:27 almost 10 years
1.4.12 BSD 22 2014-04-28 - 20:30 about 10 years
1.4.11 BSD 22 2014-04-21 - 22:40 about 10 years
1.4.10 BSD 24 2013-11-06 - 14:21 over 10 years
1.4.9 BSD 24 2013-10-25 - 04:38 over 10 years
1.4.8 BSD 24 2013-09-15 - 06:22 over 10 years
1.4.7 BSD 25 2013-09-11 - 01:18 over 10 years
1.4.6 BSD 26 2013-08-13 - 16:52 over 10 years
1.4.5 BSD 27 2013-02-20 - 19:54 about 11 years
1.4.4 BSD 27 2013-02-19 - 20:27 about 11 years
1.4.3 BSD 29 2012-12-10 - 21:46 over 11 years
1.4.2 BSD 29 2012-10-17 - 22:18 over 11 years
1.4.1 BSD 30 2012-07-30 - 22:48 almost 12 years
1.4 BSD 32 2012-03-23 - 18:00 about 12 years
1.3.7 BSD 21 2013-02-20 - 20:03 about 11 years
1.3.6 BSD 21 2013-02-19 - 20:32 about 11 years
1.3.5 BSD 23 2012-12-10 - 21:39 over 11 years
1.3.4 BSD 23 2013-03-05 - 22:33 about 11 years
1.3.3 BSD 24 2012-08-01 - 22:08 almost 12 years
1.3.2 BSD 24 2012-07-30 - 23:02 almost 12 years
1.3.1 BSD 26 2011-09-10 - 03:36 over 12 years
1.3 BSD 30 2011-03-23 - 06:09 about 13 years
1.2.7 BSD 23 2011-09-11 - 03:05 over 12 years