Описание
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-django | fixed | 3:4.2.15-1 | package | |
| python-django | no-dsa | bookworm | package | |
| python-django | ignored | bullseye | package |
Примечания
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/ (4.2.15)
Patch overlapping with fix for CVE-2024-38875 & CVE-2024-45230.
EPSS
Связанные уязвимости
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Django vulnerable to a denial-of-service attack
EPSS