GHSA-wj85-w4f4-xh8h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wj85-w4f4-xh8h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-wj85-w4f4-xh8h/GHSA-wj85-w4f4-xh8h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wj85-w4f4-xh8h
- Aliases
- Published
- 2024-03-18T20:37:48Z
- Modified
- 2024-03-19T18:48:13.798603Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of service via regular expression
- Details
-
Impact
All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop.
Patches
Workarounds
Close off access to create and edit articles by anonymous users.
References
Are there any links users can visit to find out more?
- Database specific
{ "cwe_ids": [ "CWE-1333" ], "github_reviewed": true, "github_reviewed_at": "2024-03-18T20:37:48Z", "severity": "HIGH", "nvd_published_at": "2024-03-18T22:15:09Z" }- References
Affected packages
PyPI / wiki
Package
- Name
- wiki
- View open source insights on deps.dev
- Purl
- pkg:pypi/wiki
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.1
Affected versions
0.*
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.24.1
0.0.24.2
0.0.24.3
0.0.24.4
0.0.24.4.post1
0.1.dev20160119155955
0.1b0
0.1
0.1.1
0.1.2
0.2b1
0.2b2
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3b1
0.3b2
0.3b3
0.3b4
0.3rc1
0.3
0.3.1
0.4a1
0.4a2
0.4a3
0.4a4
0.4a5
0.4b1
0.4b2
0.4b3
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.dev20181021091629
0.5
0.6b1
0.6b2
0.6
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8
0.8.1
0.8.2
0.9
0.10b1
0.10