PYSEC-2026-2049

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/wiki/PYSEC-2026-2049.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2049
Aliases
Published
2026-07-07T11:45:35.710147Z
Modified
2026-07-07T17:47:43.461472133Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of service via regular expression
Details

Impact

All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop.

Patches

Workarounds

Close off access to create and edit articles by anonymous users.

References

Are there any links users can visit to find out more?

References

Affected packages

PyPI / wiki

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1

Affected versions

0.*
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.24.1
0.0.24.2
0.0.24.3
0.0.24.4
0.0.24.4.post1
0.1.dev20160119155955
0.1b0
0.1
0.1.1
0.1.2
0.2b1
0.2b2
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3b1
0.3b2
0.3b3
0.3b4
0.3rc1
0.3
0.3.1
0.4a1
0.4a2
0.4a3
0.4a4
0.4a5
0.4b1
0.4b2
0.4b3
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.dev20181021091629
0.5
0.6b1
0.6b2
0.6
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8
0.8.1
0.8.2
0.9
0.10b1
0.10

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/wiki/PYSEC-2026-2049.yaml"