Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-64458
Good to know:
Date: November 5, 2025
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, "django.http.HttpResponseRedirect", "django.http.HttpResponsePermanentRedirect", and the shortcut "django.shortcuts.redirect" were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
Severity Score
Related Resources (12)
Severity Score
Weakness Type (CWE)
Inefficient Algorithmic Complexity
CWE-407Top Fix
Upgrade Version
Upgrade to version django - 5.2.8;django - 5.1.14;django - 4.2.26;django - 4.2.26;django - 5.1.14;django - 5.2.8;https://github.com/django/django.git - 5.2.26;https://github.com/django/django.git - 5.1.14;https://github.com/django/django.git - 5.2.8
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |