CVE-2024-28865 - Vulnerability Details - OpenCVE

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Key SSVC decision points have not yet been added.

Vendors	Products
Django-wiki Project	Django-wiki

Configuration 1 [-]

cpe:2.3:a:django-wiki_project:django-wiki:*:*:*:*:*:django:*:*

No data.

No data.

References

Link	Providers
https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c
https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h

History

Tue, 13 Jan 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Django-wiki Project Django-wiki Project django-wiki
CPEs		cpe:2.3:a:django-wiki_project:django-wiki::::::django::*
Vendors & Products		Django-wiki Project Django-wiki Project django-wiki

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-18T21:53:59.877Z

Updated: 2024-08-21T14:59:23.794Z

Reserved: 2024-03-11T22:45:07.687Z

Link: CVE-2024-28865

Vulnrichment

Updated: 2024-08-02T00:56:58.079Z

NVD

Status : Analyzed

Published: 2024-03-18T22:15:09.510

Modified: 2026-01-13T15:21:57.733

Link: CVE-2024-28865

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28865", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-11T22:45:07.687Z", "datePublished": "2024-03-18T21:53:59.877Z", "dateUpdated": "2024-08-21T14:59:23.794Z"}, "containers": {"cna": {"title": "django-wiki denial of service via regular expression", "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "lang": "en", "description": "CWE-1333: Inefficient Regular Expression Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"}, {"name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "tags": ["x_refsource_MISC"], "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"}], "affected": [{"vendor": "django-wiki", "product": "django-wiki", "versions": [{"version": "< 0.10.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:53:59.877Z"}, "descriptions": [{"lang": "en", "value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users."}], "source": {"advisory": "GHSA-wj85-w4f4-xh8h", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.079Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"}, {"name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"}]}, {"affected": [{"vendor": "django-wiki_project", "product": "django-wiki", "cpes": ["cpe:2.3:a:django-wiki_project:django-wiki:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.10.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:58:16.161708Z", "id": "CVE-2024-28865", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:59:23.794Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.079Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28865", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T14:58:16.161708Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:django-wiki_project:django-wiki:*:*:*:*:*:*:*:*"], "vendor": "django-wiki_project", "product": "django-wiki", "versions": [{"status": "affected", "version": "0", "lessThan": "0.10.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:59:13.975Z"}}], "cna": {"title": "django-wiki denial of service via regular expression", "source": {"advisory": "GHSA-wj85-w4f4-xh8h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "django-wiki", "product": "django-wiki", "versions": [{"status": "affected", "version": "< 0.10.1"}]}], "references": [{"url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T21:53:59.877Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28865", "state": "PUBLISHED", "dateUpdated": "2024-08-21T14:59:23.794Z", "dateReserved": "2024-03-11T22:45:07.687Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-18T21:53:59.877Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:django-wiki_project:django-wiki:*:*:*:*:*:django:*:*", "matchCriteriaId": "D6CAC95D-E4C9-4A36-9E11-FB537AA9EB5C", "versionEndExcluding": "0.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users."}, {"lang": "es", "value": "django-wiki es un sistema wiki para Django. Las instalaciones de django-wiki anteriores a la versi\u00f3n 0.10.1 son vulnerables al contenido de art\u00edculos creados con fines malintencionados que pueden causar un uso severo de la CPU del servidor a trav\u00e9s de un bucle de expresi\u00f3n regular. La versi\u00f3n 0.10.1 soluciona este problema. Como workaround, cierre el acceso para crear y editar art\u00edculos a usuarios an\u00f3nimos."}], "id": "CVE-2024-28865", "lastModified": "2026-01-13T15:21:57.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-18T22:15:09.510", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "security-advisories@github.com", "type": "Secondary"}]}