Lucene search

GitHub Advisory DatabaseGHSA-WJ85-W4F4-XH8H

HistoryMar 18, 2024 - 8:37 p.m.

Denial of service via regular expression

2024-03-1820:37:48

CWE-1333

GitHub Advisory Database

github.com

denial of service

regular expression

server cpu

malicious content

server security

anonymous users

access control

software vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Impact

All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop.

Patches

Workarounds

Close off access to create and edit articles by anonymous users.

References

Are there any links users can visit to find out more?

Affected configurations

Vulners

Node

django-wikidjango_wikiRange<0.10.1

CPENameOperatorVersion
wikilt0.10.1

CPE	Name	Operator	Version
	wiki	lt	0.10.1

References

github.com/advisories/GHSA-wj85-w4f4-xh8h

github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c

github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h

nvd.nist.gov/vuln/detail/CVE-2024-28865

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for GHSA-WJ85-W4F4-XH8H