Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update
A potential regular expression denial-of-service (ReDoS) vulnerability exists in the django. utils. text. Truncator. words() function in the python-django package used by Red Hat OpenStack Platform 17. 1. This vulnerability is identified as CVE-2024-27351 and has been rated with moderate severity by Red Hat Product Security. The issue could allow an attacker to cause a denial-of-service condition by exploiting inefficient regular expression processing. Red Hat has issued a security update addressing this vulnerability for affected versions. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-27351 is a vulnerability in the django.utils.text.Truncator.words() function of the python-django package included with Red Hat OpenStack Platform 17.1. The issue involves a potential regular expression denial-of-service (ReDoS) where crafted input could cause excessive processing time, leading to service disruption. Red Hat has classified this vulnerability as moderate severity and released an update to mitigate the issue. The advisory references Red Hat's errata RHSA-2025:4187 for details on the fix and affected packages.
Potential Impact
The vulnerability could allow an attacker to trigger a denial-of-service condition by causing the Django component to perform excessive regular expression processing. This may impact availability of services relying on the affected python-django package. There are no reports of active exploitation in the wild. The severity is moderate, indicating a limited but meaningful risk to affected systems if unpatched.
Mitigation Recommendations
Red Hat has released a security update for python-django in Red Hat OpenStack Platform 17.1 that addresses this vulnerability. Administrators should apply the provided update as described in Red Hat advisory RHSA-2025:4187 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor. Patch status is confirmed as fixed by Red Hat.
Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update
Description
A potential regular expression denial-of-service (ReDoS) vulnerability exists in the django. utils. text. Truncator. words() function in the python-django package used by Red Hat OpenStack Platform 17. 1. This vulnerability is identified as CVE-2024-27351 and has been rated with moderate severity by Red Hat Product Security. The issue could allow an attacker to cause a denial-of-service condition by exploiting inefficient regular expression processing. Red Hat has issued a security update addressing this vulnerability for affected versions. No known exploits are reported in the wild at this time.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27351 is a vulnerability in the django.utils.text.Truncator.words() function of the python-django package included with Red Hat OpenStack Platform 17.1. The issue involves a potential regular expression denial-of-service (ReDoS) where crafted input could cause excessive processing time, leading to service disruption. Red Hat has classified this vulnerability as moderate severity and released an update to mitigate the issue. The advisory references Red Hat's errata RHSA-2025:4187 for details on the fix and affected packages.
Potential Impact
The vulnerability could allow an attacker to trigger a denial-of-service condition by causing the Django component to perform excessive regular expression processing. This may impact availability of services relying on the affected python-django package. There are no reports of active exploitation in the wild. The severity is moderate, indicating a limited but meaningful risk to affected systems if unpatched.
Mitigation Recommendations
Red Hat has released a security update for python-django in Red Hat OpenStack Platform 17.1 that addresses this vulnerability. Administrators should apply the provided update as described in Red Hat advisory RHSA-2025:4187 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor. Patch status is confirmed as fixed by Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4187
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e89e29bf47b50083576
Added to database: 6/2/2026, 9:43:37 PM
Last enriched: 6/2/2026, 10:17:56 PM
Last updated: 6/3/2026, 5:04:18 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.