
CVSS: 4.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Jun 2025 — An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. • https://docs.djangoproject.com/en/dev/releases/security • CWE-117: Improper Output Neutralization for Logs •

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 May 2025 — An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. • https://github.com/Apollo-R3bot/django-vulnerability-CVE-2025-32873 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Apr 2025 — An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. These are all security issues fixed in the python311-Django-5.1.8-1.1 package on the GA media of openSUSE Tumbleweed. • https://docs.djangoproject.com/en/dev/releases/security • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 Feb 2025 — An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. A potential denial of service vulnerability exists in django.utils.text.wrap() and the wordwrap template filter. When processing extremely long strings, these functions may cause excessive resource consumption, potentially leading to service disruption. It was discov... • https://docs.djangoproject.com/en/dev/releases/security • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jan 2025 — An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) A flaw was found in the Django framework. • https://docs.djangoproject.com/en/dev/releases/security • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Feb 2024 — An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. A vulnerability was found in Django. • https://docs.djangoproject.com/en/5.0/releases/security •