Django vulnerable to Allocation of Resources Without Limits or Throttling

GHSA-p3fp-8748-vqfq · BIT-django-2025-26699 · CVE-2025-26699 · PYSEC-2025-13

Published Mar 6, 2025 · Modified Feb 4, 2026

Description

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-26699
WEB https://docs.djangoproject.com/en/dev/releases/security
PACKAGE https://github.com/django/django
WEB https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
WEB https://groups.google.com/g/django-announce
WEB https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
WEB https://www.djangoproject.com/weblog/2025/mar/06/security-releases
WEB http://www.openwall.com/lists/oss-security/2025/03/06/12

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes