6 matches found
Astra Linux - vulnerability in python-django
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. The algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to trigger a potential denial-of-service attack, leading to CPU and memory exhaustion through specially...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient processing in django.core.serializers.xml_serializer.getInnerText when handling specially crafted XML input, which allows a remote attacker to trigger CPU and memory exhaustion through the XML Deserializer...
OESA-2025-2790 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...
Inefficient Algorithmic Complexity
Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the getInnerText function. An attacker can exhaust CPU and memory resources by submitting...
CVE-2025-64460
CVE-2025-64460 is a DoS in Django related to an algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText(), where a specially crafted XML input processed by the XML Deserializer can exhaust CPU and memory. Affected series include Django 5.2 before 5.2.9, 5.1 before 5.1....
Regular Expression Denial Of Service (ReDoS)
jsoneditor is vulnerable to regular expression denial of service. The use of an inefficient regex pattern for trimmedValue in the getInnerText function of util.js allows a malicious user to crash the application by providing a malicious input...