CVE-2024-28865

Published: Mar 18, 2024

Modified: Aug 21, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.

Vendor	Product	Versions
django-wiki	django-wiki	affected `< 0.10.1`

Weaknesses (CWE)

CWE-1333

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h

x_refsource_CONFIRM

https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-28865

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References