Potential Denial-of-Service Attack in Django 5.0 and 4.2 via Very Large Inputs
CVE-2024-41990

7.5HIGH

Key Information:

Status:
Vendor:
CVE Published: 7 August 2024

Badges

📰 News Worthy

What is CVE-2024-41990?

A vulnerability has been identified in Django versions 5.0 prior to 5.0.8 and 4.2 prior to 4.2.15, affecting the urlize() and urlizetrunc() template filters. These filters can be made to consume excessive resources by specially crafted, very large inputs, leading to a denial-of-service condition. Upgrading to a fixed release (5.0.8 or 4.2.15) is important for preserving the availability of web applications that pass untrusted input through these filters.

News Articles

  • SUSE: 2024:2816-1 important: python-Django Security Advisory Updates
    Security update for python-Django. Announcement ID: SUSE-SU-2024:2816-1. Rating: important.

  • SUSE: 2024:2817-1 important: python-Django Security Advisory Updates
    Security update for python-Django. Announcement ID: SUSE-SU-2024:2817-1. Rating: important.

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Linux Security

  • Vulnerability published

  • Vulnerability reserved
