Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-27351

Опубликовано: 15 мар. 2024
Источник: debian
EPSS Низкий

Описание

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed3:4.2.11-1package
python-djangopostponedbookwormpackage
python-djangono-dsabusterpackage

Примечания

  • https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

  • https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e (5.0.3)

  • https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a (4.2.11)

  • https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521 (3.2.25)

  • CVE is a followup to CVE-2019-14232 and CVE-2023-43665.

EPSS

Процентиль: 73%
0.00824
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-27351

CVSS3: 5.3
ubuntu
больше 1 года назад

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

redhat логотип

CVE-2024-27351

CVSS3: 7.5
redhat
больше 1 года назад

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

nvd логотип

CVE-2024-27351

CVSS3: 5.3
nvd
больше 1 года назад

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

suse-cvrf логотип

openSUSE-SU-2024:0080-1

suse-cvrf
больше 1 года назад

Security update for python-Django1

suse-cvrf логотип

SUSE-SU-2024:0902-1

suse-cvrf
больше 1 года назад

Security update for python-Django

EPSS

Процентиль: 73%
0.00824
Низкий