Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Django 安全漏洞
Vulnerability Description
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django存在安全漏洞,该漏洞源于文本截断器正则表达式存在线性回溯复杂性问题,导致存在拒绝服务(DoS)漏洞。受影响的产品和版本:Django 5.0版本, 4.2版本,4.1版本,3.2版本。
CVSS Information
N/A
Vulnerability Type
N/A