AI Score
Confidence
Low
EPSS
Percentile
21.9%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
[
{
"cpes": [
"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"
],
"vendor": "djangoproject",
"product": "django",
"versions": [
{
"status": "affected",
"version": "4.2",
"lessThan": "4.2.15",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0",
"lessThan": "5.0.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]