Name of the Vulnerable Software and Affected Versions Django versions 1.11.x through 1.11.22 Django versions 2.1.x through 2.1.10 Django versions 2.2.x through 2.2.3

Description An issue was discovered where the chars() and words() methods in django.utils.text.Truncator were extremely slow to evaluate certain inputs due to a catastrophic backtracking issue in a regular expression when the html=True argument was passed. This affected the truncatechars html and truncatewords html template filters.

Recommendations For Django versions 1.11.x through 1.11.22, update to version 1.11.23 or later. For Django versions 2.1.x through 2.1.10, update to version 2.1.11 or later. For Django versions 2.2.x through 2.2.3, update to version 2.2.4 or later.