PYSEC-2024-86
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/wagtail/PYSEC-2024-86.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2024-86
- Aliases
- Published
- 2024-07-11T16:15:00Z
- Modified
- 2024-09-19T19:57:23.689301Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Wagtail is an open source content management system built on Django. A bug in Wagtail's
parse_query_stringwould result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space,parse_query_stringwould take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which usesparse_query_string, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3. - References
-
- https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8
- https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
- https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
- https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
Affected packages
PyPI / wagtail
Package
- Name
- wagtail
- View open source insights on deps.dev
- Purl
- pkg:pypi/wagtail
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wagtail/wagtail
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced6.1Fixed6.1.3Introduced6.0Fixed6.0.6Introduced2.0Fixed5.2.6
Affected versions
2.*
2.0
2.0.1
2.0.2
2.1rc1
2.1rc2
2.1
2.1.1
2.1.2
2.1.3
2.2rc1
2.2rc2
2.2
2.2.1
2.2.2
2.3rc1
2.3rc2
2.3
2.4rc1
2.4
2.5rc1
2.5
2.5.1
2.5.2
2.6rc1
2.6
2.6.1
2.6.2
2.6.3
2.7rc1
2.7rc2
2.7
2.7.1
2.7.2
2.7.3
2.7.4
2.8rc1
2.8
2.8.1
2.8.2
2.9rc1
2.9
2.9.1
2.9.2
2.9.3
2.10rc1
2.10rc2
2.10
2.10.1
2.10.2
2.11rc1
2.11
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.12rc1
2.12
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.13rc1
2.13rc2
2.13rc3
2.13
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.14rc1
2.14
2.14.1
2.14.2
2.15rc1
2.15rc2
2.15
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16rc1
2.16rc2
2.16
2.16.1
2.16.2
2.16.3
3.*
3.0rc1
3.0rc2
3.0rc3
3.0
3.0.1
3.0.2
3.0.3
4.*
4.0rc1
4.0rc2
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1rc1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2rc1
4.2
4.2.1
4.2.2
4.2.3
4.2.4
5.*
5.0rc1
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1rc1
5.1
5.1.1
5.1.2
5.1.3
5.2rc1
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
6.*
6.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.1
6.1.1
6.1.2