Описание
Django vulnerable to Allocation of Resources Without Limits or Throttling
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-26699
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
- https://groups.google.com/g/django-announce
- https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
- https://www.djangoproject.com/weblog/2025/mar/06/security-releases
- http://www.openwall.com/lists/oss-security/2025/03/06/12
Пакеты
Django
>= 4.2, < 4.2.20
4.2.20
Django
>= 5.0, < 5.0.13
5.0.13
Django
>= 5.1, < 5.1.7
5.1.7
Связанные уязвимости
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, ...
