VDB
CVE-2025-26699
CVE-2025-26699
PUBLISHED
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
EPSS 0.29% · 52.4th percentile
Risk Scores
EPSS Score
0.29%
52.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 4.2.0 |
| Bitnami | django | 4.2.0, 4.2.0 |
Timeline
- Feb 14, 2025 CVE ID Reserved
- Mar 6, 2025 CVE Published
- Mar 7, 2025 EPSS Score
- Mar 9, 2025 Coalition ESS Score
- Mar 19, 2025 Coalition ESS Score
- Mar 19, 2025 CVE Updated
- Mar 21, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 15, 2025 EPSS Score
- May 29, 2025 EPSS Score
References
- https://docs.djangoproject.com/en/dev/releases/security/ url
- https://groups.google.com/g/django-announce url
- https://www.djangoproject.com/weblog/2025/mar/06/security-releases/ url
- http://www.openwall.com/lists/oss-security/2025/03/06/12 url
- https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-26699 url