VYPR
High severity7.5NVD Advisory· Published Aug 2, 2019· Updated Jun 17, 2026

CVE-2019-14232

CVE-2019-14232

Description

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 1.11a1, < 1.11.231.11.23
DjangoPyPI
>= 2.1a1, < 2.1.112.1.11
DjangoPyPI
>= 2.2a1, < 2.2.42.2.4

Affected products

13

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.

CVE-2019-14232 · High · VYPR