In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
History

Wed, 21 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
Redhat satellite Capsule
CPEs cpe:/a:redhat:satellite:6.15::el8
cpe:/a:redhat:satellite_capsule:6.15::el8
Vendors & Products Redhat satellite
Redhat satellite Capsule

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-15T00:00:00

Updated: 2024-08-02T00:34:52.134Z

Reserved: 2024-02-25T00:00:00

Link: CVE-2024-27351

cve-icon Vulnrichment

Updated: 2024-07-31T20:17:02.319Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-15T20:15:09.303

Modified: 2024-11-21T09:04:24.087

Link: CVE-2024-27351

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-04T09:00:00Z

Links: CVE-2024-27351 - Bugzilla