Description
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-45230
- https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397
- https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b
- https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/sep/03/security-releases
Packages
- Django: affected >= 5.1, < 5.1.1; fixed in 5.1.1
- Django: affected >= 5.0, < 5.0.9; fixed in 5.0.9
- Django: affected >= 4.2, < 4.2.16; fixed in 4.2.16
EPSS
6.9 Medium
CVSS4
5.3 Medium
CVSS3
CVE ID
Weaknesses