Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-1285

Опубликовано: 03 фев. 2026
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True) and the truncatechars_html and truncatewords_html template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 4.2 (включая) до 4.2.28 (исключая)
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 5.2 (включая) до 5.2.11 (исключая)
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 6.0 (включая) до 6.0.2 (исключая)

EPSS

Процентиль: 23%
0.00077
Низкий

7.5 High

CVSS3

Дефекты

CWE-407

Связанные уязвимости

ubuntu логотип

CVE-2026-1285

CVSS3: 7.5
ubuntu
около 2 месяцев назад

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

redhat логотип

CVE-2026-1285

CVSS3: 7.5
redhat
около 2 месяцев назад

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

debian логотип

CVE-2026-1285

CVSS3: 7.5
debian
около 2 месяцев назад

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...

github логотип

GHSA-4rrr-2h4v-f3j9

github
около 2 месяцев назад

Django has Inefficient Algorithmic Complexity

fstec логотип

BDU:2026-03467

CVSS3: 7.5
fstec
около 2 месяцев назад

Уязвимость программной платформы для веб-приложений Django, связанная с алгоритмической сложностью, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 23%
0.00077
Низкий

7.5 High

CVSS3

Дефекты

CWE-407