Security Vulnerability Detected
Dependency: Django
Criticality: MEDIUM (Score: undefined)
Vulnerability Details
Name: CVE-2024-27351
Description:
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2024-27351\"],\"published\":\"2024-03-15T20:15:09.303\",\"lastModified\":\"2025-11-04T19:17:03.553\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":1.6,\"impactScore\":3.6,\"weaknesses\":[\"CWE-1333\"]}"
Security Vulnerability Detected
Dependency:
DjangoCriticality: MEDIUM (Score: undefined)
Vulnerability Details
Name: CVE-2024-27351
Description:
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2024-27351\"],\"published\":\"2024-03-15T20:15:09.303\",\"lastModified\":\"2025-11-04T19:17:03.553\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":1.6,\"impactScore\":3.6,\"weaknesses\":[\"CWE-1333\"]}"