MGASA-2024-0075

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2024-27351

Published: 20 Mar 2024, 03:35

Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Mar 2024, 03:35

Published

Vulnerability first disclosed

16 Apr 2026, 04:22

Last Modified

Vulnerability information updated

Description

Updated python-django package fixes a security vulnerability In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. (CVE-2024-27351)

Affected Systems

mageia•python-django
< 4.1.13-1.1.mga9

References (2)

https://advisories.mageia.org/MGASA-2024-0075.html
https://bugs.mageia.org/show_bug.cgi?id=32944