CVE-2023-43665

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-43665
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43665.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-43665
Aliases
Downstream
Related
Published
2023-11-03T05:15:30Z
Modified
2025-09-19T14:41:33.903099Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatecharshtml and truncatewordshtml template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events

Affected versions

3.*

3.2
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.15
3.2.16
3.2.17
3.2.18
3.2.19
3.2.2
3.2.20
3.2.21
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9