CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score confidence: Low

EPSS percentile: 15.8%

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7.
urlize and urlizetrunc were subject to a potential denial of service attack
via certain inputs with a very large number of brackets.
Author | Note |
---|---|
alexmurray | Upstream advises that only versions 4.2, 5.0 and 5.1 (plus main development branch) are affected, but it is likely earlier versions may also be affected; upstream do not mention this as they are no longer maintained by them. |
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-django | < 1:1.11.11-1ubuntu1.21+esm5 | UNKNOWN |
ubuntu | 20.04 | noarch | python-django | < 2:2.2.12-1ubuntu0.23 | UNKNOWN |
ubuntu | 22.04 | noarch | python-django | < 2:3.2.12-2ubuntu1.12 | UNKNOWN |
ubuntu | 23.10 | noarch | python-django | < 3:4.2.4-1ubuntu2.3 | UNKNOWN |
ubuntu | 24.04 | noarch | python-django | < 3:4.2.11-1ubuntu1.1 | UNKNOWN |
ubuntu | 14.04 | noarch | python-django | < any | UNKNOWN |
ubuntu | 16.04 | noarch | python-django | < any | UNKNOWN |