CVE-2024-39614

Published: 09 Jul 2024
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

A vulnerability was found in Python-Django in the get_supported_language_variant() function. The issue is triggered when the function parses very long strings that include a specific set of characters, leading to a potential denial-of-service attack.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Will not fix | | |
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | | |
| Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification | Affected | | |
| Red Hat Certification for Red Hat Enterprise Linux 9 | redhat-certification | Affected | | |
| Red Hat Discovery | discovery-server-container | Affected | | |
| Red Hat OpenStack Platform 16.1 | python-django20 | Affected | | |
| Red Hat OpenStack Platform 16.2 | python-django20 | Affected | | |
| Red Hat OpenStack Platform 17.1 | python-django | Will not fix | | |
| Red Hat Storage 3 | python-django | Affected | | |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/lightspeed-rhel8 | Fixed | RHBA-2024:6429 | 05.09.2024 |

Additional information

Status: Moderate
Weakness: CWE-1287
https://bugzilla.redhat.com/show_bug.cgi?id=2295938
python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

EPSS: 0.02989 (Low), percentile: 86%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

CVSS3: 7.5
nvd
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

CVSS3: 7.5
debian
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...

CVSS3: 7.5
github
11 months ago

Django vulnerable to Denial of Service

CVSS3: 7.5
fstec
12 months ago

Vulnerability in the get_supported_language_variant() function of the Django web application framework, related to errors in handling length parameters, allowing an attacker to cause a denial of service
