CVE-2024-28865 django-wiki denial of service via regular expression

2024-03-18 21:53:59
CWE-1333
GitHub_M
www.cve.org

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.

CNA Affected

[
  {
    "vendor": "django-wiki",
    "product": "django-wiki",
    "versions": [
      {
        "version": "< 0.10.1",
        "status": "affected"
      }
    ]
  }
]
