Описание
Denial of service via regular expression
Impact
All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop.
Patches
Workarounds
Close off access to create and edit articles by anonymous users.
References
Are there any links users can visit to find out more?
Пакеты
Наименование
wiki
pip
Затронутые версииВерсия исправления
< 0.10.1
0.10.1
Связанные уязвимости
CVSS3: 7.5
nvd
почти 2 года назад
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.