21 matches found
BIT-DJANGO-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
SUSE CVE-2026-1285
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
GHSA-4RRR-2H4V-F3J9 Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
PYSEC-2026-45
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
CVE-2026-1285
CVE-2026-1285 affects Django 6.0.x before 6.0.2, 5.2.x before 5.2.11, and 4.2.x before 4.2.28. The issue concerns django.utils.text.Truncator.chars() and Truncator.words() with html=True, and truncatechars_html / truncatewords_html filters, which can allow a remote attacker to trigger a denial-of...
CVE-2026-1285
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
CVE-2026-1285
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
UBUNTU-CVE-2026-1285
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
PT-2026-6035
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The...
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...
The vulnerability of the django.utils.text.Truncator.words() function on the Django web application platform allows a attacker to cause a service failure.
The vulnerability of the django.utils.text.Truncator.words function on the Django web application platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
python-django: Denial-of-service possibility in django.utils.text.Truncator
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...
USN-6674-1 python-django vulnerability
Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...
python-django: Denial-of-service possibility in django.utils.text.Truncator
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...
python-django: Denial-of-service possibility in django.utils.text.Truncator
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...
USN-6414-1 python-django vulnerability
Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...
GHSA-C4QH-4VGV-QC6G Django Denial-of-service in django.utils.text.Truncator
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
The vulnerability of the django.utils.html.urlize function, as well as the chars and words methods of the django.utils.text.Truncator object in the Django web application framework, allows attackers to trigger a denial-of-service attack.
The vulnerability of the django.utils.html.urlize function, as well as the chars and words methods of the django.utils.text.Truncator object in the Django web application framework, lies in the fact that when control over input data is possible, a malicious attacker can create a string that will...