django-watchman is vulnerable to Regular Expression Denial of Service (ReDoS)
28
Low Risk
Affected versions of django-watchman are vulnerable to a regular expression denial of service (ReDoS) in the parsing of the Authorization HTTP header. The implementation relied on a regex-based parser to process authentication headers for the watchman endpoint. A specially crafted header value could trigger excessive backtracking in the regular expression engine, causing the application to consume disproportionate CPU time while processing a single request. An attacker could exploit this behavior by sending such requests to the endpoint, potentially leading to resource exhaustion and denial of service. The issue is addressed by replacing the regex-based header parsing with a safer string-splitting approach that avoids polynomial-time processing.
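The following is an added illustration, not django-watchman's own code, of the kind of replacement the advisory describes: parsing an Authorization header by splitting on whitespace, so that cost grows linearly with header length whatever the content. The header length cap and the "scheme credentials" layout (RFC 7235, e.g. `Bearer abc123`; Digest-style parameter lists are not handled) are assumptions of this example.

```python
"""Linear-time parsing of an HTTP Authorization header.

Added example, not django-watchman's code. It replaces a backtracking
regular expression with a bounded length check and a single split.
"""
from typing import Optional, Tuple

MAX_HEADER_LEN = 4096  # assumed bound: reject oversized headers before parsing

# RFC 7235 "token" characters, used to validate the scheme name only.
_TCHAR = set("!#$%&'*+-.^_`|~0123456789"
             "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")


def parse_authorization(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (scheme, credentials) or None if the header is unusable.

    Every step is one pass over the input (strip, a single split, a
    character scan), so there is no backtracking for an attacker to drive.
    """
    if not header or len(header) > MAX_HEADER_LEN:
        return None
    # At most one split: "<scheme> <credentials>". Runs of whitespace
    # between the two parts are consumed in linear time by split().
    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        return None
    scheme, credentials = parts
    if any(ch not in _TCHAR for ch in scheme):
        return None
    credentials = credentials.strip()
    # Assumed single-token credential forms (Basic/Bearer/Token): no
    # embedded whitespace, so anything with spaces inside is rejected.
    if not credentials or any(ch.isspace() for ch in credentials):
        return None
    return scheme.lower(), credentials


def token_from_header(header: Optional[str],
                      expected_scheme: str = "token") -> Optional[str]:
    """Extract the credential only when the scheme is the expected one."""
    parsed = parse_authorization(header)
    if parsed is None or parsed[0] != expected_scheme.lower():
        return None
    return parsed[1]
```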
You are affected if you are using a version that falls within the vulnerable range.
django-watchman is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 0.10.0 - 1.3.0.
Upgrade the django-watchman library to a patched version.