An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Django | Djangoproject | 4.2 (including) | 4.2.15 (excluding) |
| Django | Djangoproject | 5.0 (including) | 5.0.8 (excluding) |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | automation-controller-0:4.5.10-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | python3x-django-0:4.2.15-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | automation-controller-0:4.5.10-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | python-django-0:4.2.15-1.el9ap | * |
| RHUI 4 for RHEL 8 | RedHat | python-django-0:4.2.15-1.el8ui | * |
| Python-django | Ubuntu | devel | * |
| Python-django | Ubuntu | esm-infra/bionic | * |
| Python-django | Ubuntu | esm-infra/focal | * |
| Python-django | Ubuntu | focal | * |
| Python-django | Ubuntu | jammy | * |
| Python-django | Ubuntu | noble | * |
| Python-django | Ubuntu | oracular | * |
| Python-django | Ubuntu | plucky | * |
| Python-django | Ubuntu | questing | * |
| Python-django | Ubuntu | trusty/esm | * |
| Python-django | Ubuntu | upstream | * |