Описание
Django vulnerable to denial-of-service attack
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-41991
- https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
- https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
- https://docs.djangoproject.com/en/dev/releases/security
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/aug/06/security-releases
Пакеты
Django
>= 5.0, < 5.0.8
5.0.8
Django
>= 4.2, < 4.2.15
4.2.15
EPSS
6.9 Medium
CVSS4
5.3 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...
Уязвимость функции django.utils.html.urlize() программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.9 Medium
CVSS4
5.3 Medium
CVSS3