3 matches found
SUSE CVE-2023-43665
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
The vulnerability in the `chars()` and `words()` methods of the `django.utils.text.Truncator` class in the Django web development framework allows an attacker to cause a denial-of-service attack.
The vulnerability of the django.utils.text.Truncator class’s chars and words methods in the Django web development framework is related to the improper handling of the True value as an argument to html. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
PT-2019-5099 · Django +3 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.22; Django versions 2.1.x through 2.1.10; Django versions 2.2.x through 2.2.3. Description: The issue is related to the django.utils.text.Truncator class, specifically the chars and words methods. When these...