CVE-2015-5145Incorrect Regular Expression in Django

CWE-399CWE-185Incorrect Regular ExpressionCWE-1333Regex Denial of ServiceCWE-400Uncontrolled Resource Consumption9 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 26.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Djangoproject Django
Timeline
PublishedJul 14
Latest updateMay 17

Description

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

PyPIdjangoproject/django1.81.8.3+1
NVDdjangoproject/django1.8.0, 1.8.1, 1.8.2+2

🔴Vulnerability Details

4
OSV
Django ReDoS in validators.URLValidator2022-05-17
GHSA
Django ReDoS in validators.URLValidator2022-05-17
OSV
CVE-2015-5145: validators2015-07-14
CVEList
CVE-2015-5145: validators2015-07-14

📋Vendor Advisories

2
Red Hat
Django: DoS via incorrect URL validation2015-07-08
Debian
CVE-2015-5145: python-django - validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to ...2015

💬Community

2
Bugzilla
CVE-2009-5145 zope: Cross-site scripting (XSS) in ZMI pages through manage_tabs_message()2017-08-21
Bugzilla
CVE-2015-5145 Django: DoS via incorrect URL validation2015-07-07
CVE-2015-5145 — Incorrect Regular Expression in Django | cvebase