Description
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Packages

Package | Status | Fixed version | Release | Type
---|---|---|---|---
python-django | fixed | 3:4.2.10-1 | package |
python-django | postponed | bookworm | package |
python-django | postponed | buster | package |
Notes
https://www.openwall.com/lists/oss-security/2024/02/06/2
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
Fixed by: https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9 (main)
Regression fix: https://github.com/django/django/commit/2f14c2cedc9c92373471c1f98a80c81ba299584a (main)
Fixed by: https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc (5.0.2)
Fixed by: https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2 (4.2.10)
Fixed by: https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820 (3.2.24)
EPSS
Related vulnerabilities
Django denial-of-service attack in the intcomma template filter
A vulnerability in the Django web application framework related to uncontrolled resource consumption, allowing an attacker to cause a denial of service.