Description
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
A potential denial of service vulnerability exists in django.utils.text.wrap() and the wordwrap template filter. When processing extremely long strings, these functions may cause excessive resource consumption, potentially leading to service disruption.
Report
This vulnerability is rated as Moderate severity because it exposes the wrap() method and wordwrap template filter to a potential denial-of-service attack. Malicious input containing extremely long strings could cause excessive processing, leading to resource exhaustion. However, it does not affect data confidentiality or integrity.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | | |
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | | |
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | | |
Red Hat Satellite 6 | python-django | Fix deferred | | |
Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:3709 | 08.04.2025 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-django | Fixed | RHSA-2025:8609 | 05.06.2025 |
Red Hat Ansible Automation Platform 2.4 for RHEL 9 | python-django | Fixed | RHSA-2025:8609 | 05.06.2025 |
Red Hat Ansible Automation Platform 2.5 for RHEL 8 | python3.11-django | Fixed | RHSA-2025:3160 | 25.03.2025 |
Red Hat Ansible Automation Platform 2.5 for RHEL 8 | ansible-automation-platform-25/lightspeed-rhel8 | Fixed | RHSA-2025:3162 | 25.03.2025 |
Red Hat Ansible Automation Platform 2.5 for RHEL 8 | automation-controller | Fixed | RHSA-2025:4553 | 06.05.2025 |
Additional information
Status:
CVSS3: 7.5 High
Related vulnerabilities
Django vulnerable to Allocation of Resources Without Limits or Throttling