CNNVD-202512-209 Information
CNNVD ID
CNNVD-202512-209
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 5.2版本至5.2.9之前版本、5.1版本至5.1.15之前版本和4.2版本至4.2.27之前版本存在安全漏洞,该漏洞源于django.core.serializers.xml_serializer.getInnerText函数存在算法复杂度问题,可能导致拒绝服务攻击。
Description (English)
Django is an open-source Web application framework based on the Python language of the Django Foundation. The framework includes object-oriented maprs, view systems, templates, etc. There is a security loophole in the pre-Django 5.2 to 5.2.9, pre-Vers. 5.1 to 5.1.15 and pre-Es. 4.2.27, which stems from the problem of the algorithmic complexity of the django.core.serializers.xml serializer.getInnerText function, which may lead to a denial of service attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Django
Published
2025-12-02
Last Modified
2026-02-24
References
https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/g/django-announce https://www.djangoproject.com/weblog/2025/dec/02/security-releases/ https://vigilance.fr/vulnerability/Django-overload-via-getInnerText-48943
Patch
https://www.djangoproject.com/download/
Share on: