Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-14232

Опубликовано: 02 авг. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

РелизСтатусПримечание
bionic

released

1:1.11.11-1ubuntu1.5
devel

released

1:1.11.22-1ubuntu1
disco

released

1:1.11.20-1ubuntu0.2
esm-infra-legacy/trusty

needed

esm-infra/bionic

not-affected

1:1.11.11-1ubuntu1.5
esm-infra/focal

not-affected

1:1.11.22-1ubuntu1
esm-infra/xenial

not-affected

1.8.7-1ubuntu5.10
focal

released

1:1.11.22-1ubuntu1
jammy

released

1:1.11.22-1ubuntu1
kinetic

released

1:1.11.22-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 85%
0.02473
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-14232

CVSS3: 5.3
redhat
около 6 лет назад

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

nvd логотип

CVE-2019-14232

CVSS3: 7.5
nvd
около 6 лет назад

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

debian логотип

CVE-2019-14232

CVSS3: 7.5
debian
около 6 лет назад

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...

github логотип

GHSA-c4qh-4vgv-qc6g

CVSS3: 7.5
github
почти 6 лет назад

Django Denial-of-service in django.utils.text.Truncator

fstec логотип

BDU:2020-01765

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость функции django.utils.text.Truncator методов chars () и words () фреймворка для веб-разработки Django, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 85%
0.02473
Низкий

5 Medium

CVSS2

7.5 High

CVSS3