14 matches found
Astra Linux - уязвимость в python-django
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True, as well as the truncatewordshtml template filter, are vulnerable to a denial-of-service attack via a crafted regular expression. NOTE: This issue persists due to an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000169)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000169 advisory. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template...
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service...
GHSA-VM8Q-M57G-PFF3 Regular expression denial-of-service in Django
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...
PYSEC-2024-47
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...
OESA-2024-1254 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewordshtml filter of Django. This issue may allow an attacker to use a...
SUSE CVE-2024-27351
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...
Django Security Vulnerabilities
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, a view system, a template system, and more. Django versions 5.0, 4.2, 3.2 have a security vulnerability that stems from a denial of servi...
PYSEC-2023-226
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...