Mar 18, 2024 - 10:15 p.m.

CVE-2024-28865

2024-03-18 22:15:09
CWE-1333
web.nvd.nist.gov
cve-2024-28865
django-wiki
security vulnerability
cpu abuse
upgrade
anonymous user access

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.

Affected configurations

Vulners
Node: django-wiki django_wiki
Range: <0.10.1

CNA Affected

[
  {
    "vendor": "django-wiki",
    "product": "django-wiki",
    "versions": [
      {
        "version": "< 0.10.1",
        "status": "affected"
      }
    ]
  }
]
