PYSEC-2025-14

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-14.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-14
Aliases
Published
2025-04-02T13:15:44Z
Modified
2025-04-09T17:59:30.384298Z
Summary
[none]
Details

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

References

Affected packages

PyPI / django

Package

Name
django
View open source insights on deps.dev
Purl
pkg:pypi/django

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1
Fixed
5.1.8
Introduced
5.0
Fixed
5.0.14

Affected versions

5.*

5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7