Описание
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3:4.2.15-1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | released | 1:1.11.11-1ubuntu1.21+esm6 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.24 |
| esm-infra/xenial | needs-triage | |
| focal | released | 2:2.2.12-1ubuntu0.24 |
| jammy | released | 2:3.2.12-2ubuntu1.13 |
| noble | released | 3:4.2.11-1ubuntu1.2 |
| oracular | released | 3:4.2.15-1 |
| plucky | released | 3:4.2.15-1 |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...
Уязвимость функции django.utils.html.urlize() программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3