GHSA-wj85-w4f4-xh8h

Source
https://github.com/advisories/GHSA-wj85-w4f4-xh8h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-wj85-w4f4-xh8h/GHSA-wj85-w4f4-xh8h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wj85-w4f4-xh8h
Aliases
Published
2024-03-18T20:37:48Z
Modified
2024-03-19T18:48:13.798603Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Denial of service via regular expression
Details

Impact

All historical installations of django-wiki are vulnerable to maliciously crafted article content that can cause severe server CPU usage through a regular expression loop.

Patches

Workarounds

Close off access to create and edit articles by anonymous users.

References

Affected packages

PyPI / wiki

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.1

Affected versions

0.*

0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.24.1
0.0.24.2
0.0.24.3
0.0.24.4
0.0.24.4.post1
0.1.dev20160119155955
0.1b0
0.1
0.1.1
0.1.2
0.2b1
0.2b2
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3b1
0.3b2
0.3b3
0.3b4
0.3rc1
0.3
0.3.1
0.4a1
0.4a2
0.4a3
0.4a4
0.4a5
0.4b1
0.4b2
0.4b3
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.dev20181021091629
0.5
0.6b1
0.6b2
0.6
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8
0.8.1
0.8.2
0.9
0.10b1
0.10