The vulnerability of the `django.utils.text.Truncator` class’s `chars()` and `words()` methods in the Django web development framework allows an attacker to cause a denial-of-service attack.
The vulnerability of the django.utils.text.Truncator class’s chars and words methods in the Django web development framework is related to the improper handling of the True value as an argument to html. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
PT-2019-5099 · Django +3 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.22; Django versions 2.1.x through 2.1.10; Django versions 2.2.x through 2.2.3. Description: The issue is related to the django.utils.text.Truncator class, specifically the chars and words methods. When these...
django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...