In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat satellite
Redhat satellite Capsule |
|
CPEs | cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 |
|
Vendors & Products |
Redhat satellite
Redhat satellite Capsule |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-03-15T00:00:00
Updated: 2024-08-02T00:34:52.134Z
Reserved: 2024-02-25T00:00:00
Link: CVE-2024-27351
Vulnrichment
Updated: 2024-07-31T20:17:02.319Z
NVD
Status : Awaiting Analysis
Published: 2024-03-15T20:15:09.303
Modified: 2024-11-21T09:04:24.087
Link: CVE-2024-27351
Redhat