GHSA-p3fp-8748-vqfq

Source

https://github.com/advisories/GHSA-p3fp-8748-vqfq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-p3fp-8748-vqfq/GHSA-p3fp-8748-vqfq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-p3fp-8748-vqfq

Aliases

Related

CGA-32q5-mgp8-6gh9

Published

2025-03-06T21:31:26Z

Modified

2025-04-09T20:30:53.354939Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVSS Calculator

Summary

Django vulnerable to Allocation of Resources Without Limits or Throttling

Details

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

Database specific

{
    "severity": "MODERATE",
    "nvd_published_at": "2025-03-06T19:15:27Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-770"
    ],
    "github_reviewed_at": "2025-03-06T22:35:37Z"
}

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2

Fixed

4.2.20

Affected versions

4.*

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.16

4.2.17

4.2.18

4.2.19

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.0.13

Affected versions

5.*

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.1

Fixed

5.1.7

Affected versions

5.*

5.1

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6