Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-38875

Опубликовано: 26 июл. 2024
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

A vulnerability was found in the Django framework's urlize and urlizetrunc functions, where an attacker can input a certain string containing a large number of brackets, leads to a potential denial of service when the application attempts to process the excessive input.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2ansible-towerAffected
Red Hat Ansible Automation Platform 2ansible-automation-platform-25/lightspeed-rhel8Affected
Red Hat Ansible Automation Platform 2automation-controllerNot affected
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certificationAffected
Red Hat Certification Program for Red Hat Enterprise Linux 9redhat-certificationAffected
Red Hat Discovery 1discovery-server-containerAffected
Red Hat OpenStack Platform 16.1python-django20Affected
Red Hat OpenStack Platform 16.2python-django20Affected
Red Hat OpenStack Platform 17.1python-djangoWill not fix
Red Hat Storage 3python-djangoAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1287
https://bugzilla.redhat.com/show_bug.cgi?id=2295935python-django: Potential denial-of-service in django.utils.html.urlize()

EPSS

Процентиль: 51%
0.00281
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-38875

CVSS3: 7.5
ubuntu
около 1 года назад

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

nvd логотип

CVE-2024-38875

CVSS3: 7.5
nvd
около 1 года назад

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

debian логотип

CVE-2024-38875

CVSS3: 7.5
debian
около 1 года назад

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...

github логотип

GHSA-qg2p-9jwr-mmqf

CVSS3: 7.5
github
около 1 года назад

Django vulnerable to Denial of Service

fstec логотип

BDU:2024-07169

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость функции django.utils.html.urlize() программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 51%
0.00281
Низкий

5.3 Medium

CVSS3