2348993 – (CVE-2025-26699) CVE-2025-26699 django: Potential denial-of-service vulnerability in django.utils.text.wrap()

Bug 2348993 (CVE-2025-26699) - CVE-2025-26699 django: Potential denial-of-service vulnerability in django.utils.text.wrap()

Summary: CVE-2025-26699 django: Potential denial-of-service vulnerability in django.ut...

Keywords:
Status:	NEW
Alias:	CVE-2025-26699
Deadline:	2025-03-06
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-28 09:52 UTC by OSIDB Bzimport
Modified:	2025-06-17 08:28 UTC (History)
CC List:	42 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:3160	None	None	None	2025-03-25 12:23:58 UTC
Red Hat Product Errata	RHSA-2025:3162	None	None	None	2025-03-25 17:10:46 UTC
Red Hat Product Errata	RHSA-2025:4553	None	None	None	2025-05-06 14:55:58 UTC
Red Hat Product Errata	RHSA-2025:8609	None	None	None	2025-06-05 17:39:59 UTC

Description OSIDB Bzimport 2025-02-28 09:52:02 UTC

The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
potential denial-of-service attack when used with very long strings.

Affected versions
=================

* Django main development branch
* Django 5.2 (currently at beta status)
* Django 5.1
* Django 5.0
* Django 4.2

Comment 2 errata-xmlrpc 2025-03-25 12:23:56 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:3160 https://access.redhat.com/errata/RHSA-2025:3160

Comment 3 errata-xmlrpc 2025-03-25 17:10:43 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:3162 https://access.redhat.com/errata/RHSA-2025:3162

Comment 4 errata-xmlrpc 2025-05-06 14:55:55 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:4553 https://access.redhat.com/errata/RHSA-2025:4553

Comment 6 errata-xmlrpc 2025-06-05 17:39:55 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2025:8609 https://access.redhat.com/errata/RHSA-2025:8609

Note You need to log in before you can comment on or make changes to this bug.

anthomas
brking
caswilli
dnakabaa
dranck
ehelms
ggainey
gtanzill
haoli
hkataria
jajackso
jcammara
jmitchel
jneedle
jtanner
juwatts
jwong
kaycoth
kegrant
kholdawa
koliveir
kshier
lcouzens
mabashia
mhulan
mskarbek
nmoumoul
osousa
pbraun
pcreech
rchan
security-response-team
shvarugh
simaishi
smallamp
smcdonal
stcannon
teagle
tfister
thavo
ttakamiy
yguenane