Denial of Service Vulnerability in Django Web Framework by Django Software Foundation
CVE-2024-24680

7.5HIGH

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 6 February 2024

What is CVE-2024-24680?

A vulnerability exists in the Django web framework affecting versions prior to 3.2.24, 4.2.10, and 5.0.2, where the intcomma template filter can be exploited by sending specially crafted long strings. This may lead to a denial-of-service condition, compromising the application's availability and performance. Developers using affected versions of Django should prioritize updating to the latest secure releases to protect their applications from potential exploitation.

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/5.0/releases/security/

https://www.djangoproject.com/weblog/2024/feb/06/security...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Jan 26, 2024

Djangoproject

What is CVE-2024-24680?

References

CVSS V3.1

Timeline