CVE-2025-26699

EPSS 0.29%
Veröffentlicht 06.03.2025 19:15:27
Zuletzt bearbeitet 03.10.2025 00:32:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Djangoproject ≫ Django Version >= 4.2 < 4.2.20

Djangoproject ≫ Django Version >= 5.0 < 5.0.13

Djangoproject ≫ Django Version >= 5.1 < 5.1.7

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.521

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://docs.djangoproject.com/en/dev/releases/security/

Vendor Advisory

Release Notes

https://groups.google.com/g/django-announce

Vendor Advisory

https://www.djangoproject.com/weblog/2025/mar/06/security-releases/

Vendor Advisory

Release Notes

http://www.openwall.com/lists/oss-security/2025/03/06/12

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html

Third Party Advisory