CVE-2024-28865 HIGH

CVE-2024-28865: django-wiki denial of service via regular expression

Vendor Django-Wiki
Product django-wiki
Weakness CWE-1333
Published March 18, 2024
Last update August 21, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.

Key dates

02Disclosure timeline

March 18, 2024 CVE published
August 21, 2024 Record updated