Description
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
A vulnerability was found in Django. When used with very long strings, the intcomma template filter was subject to a potential denial of service attack.
Statement
Red Hat has rated this vulnerability as moderate severity because exploitation of this vulnerability is only theoretical in nature and can only result in a denial of service bug.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 1.2 | ansible-tower | Out of support scope | | |
Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Out of support scope | | |
Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification | Affected | | |
Red Hat Certification for Red Hat Enterprise Linux 9 | redhat-certification | Affected | | |
Red Hat Discovery | discovery-server-container | Not affected | | |
Red Hat OpenStack Platform 16.1 | python-django20 | Out of support scope | | |
Red Hat OpenStack Platform 16.2 | python-django20 | Will not fix | | |
Red Hat OpenStack Platform 18.0 | python-django | Affected | | |
Red Hat Storage 3 | python-django | Affected | | |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-django | Fixed | RHSA-2024:1057 | 29.02.2024 |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10 ...
Django denial-of-service attack in the intcomma template filter
A vulnerability in the Django web application framework related to uncontrolled resource consumption that allows an attacker to cause a denial of service