
8 matches found

Redos
added 2024/07/29 12:0 a.m. | 21 views

ROS-20240729-15

A vulnerability in the django.utils.text.Truncator.words function of the Django web application software platform is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

5.3 CVSS | 6.7 AI score | 0.02611 EPSS
Exploits 0
Tenable Nessus
added 2024/05/11 12:0 a.m. | 34 views

RHEL 7 : python-django (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidato...

8.1 AI score | 0.08919 EPSS
Exploits 0 | References 2
Veracode
added 2024/03/22 4:1 a.m. | 23 views

Regular Expression Denial Of Service (ReDoS)

Django is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity within the django.utils.text.Truncator.words function. When this function has the html parameter set to true, and is utilizing the truncatewords_html...

5.3 CVSS | 6.9 AI score | 0.02611 EPSS
Exploits 0 | References 11 | Affected Software 2
Mageia
added 2024/03/20 3:35 a.m. | 47 views

Updated python-django package fixes a security vulnerability

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...

5.3 CVSS | 6.7 AI score | 0.02611 EPSS
Exploits 0 | References 1
OSV
added 2024/03/15 8:15 p.m. | 7 views

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

5.3 CVSS | 6.4 AI score
Exploits 0 | References 13
AlpineLinux
added 2024/03/15 12:0 a.m. | 70 views

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

5.3 CVSS | 7.3 AI score | 0.02611 EPSS
Exploits 0
HackerOne
added 2024/03/05 10:53 a.m. | 48 views

Internet Bug Bounty: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

The django.utils.text.Truncator.words method with html=True and truncatewords_html template filter were found to be vulnerable to a potential regular expression denial-of-service attack. The vulnerability was caused by regular expressions stored in variables that were susceptible to ReDoS attacks,...

5.3 CVSS | 6.3 AI score | 0.02611 EPSS
Exploits 0
FreeBSD
added 2024/02/25 12:0 a.m. | 25 views

Django -- multiple vulnerabilities

Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words...

5.3 CVSS | 7.1 AI score | 0.02611 EPSS
Exploits 0 | References 1