Description
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
A flaw was found in Django. Processing very large inputs with a specific sequence of characters with the urlize and urlizetrunc functions can cause a denial of service.
Mitigation
Implementing input validation and limiting the size of inputs to urlize and urlizetrunc will mitigate this vulnerability.
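One way to apply the size limit described above, as an added example that is not Django's or Red Hat's code: `is_affected`, `guarded_urlize` and the 10,000-character cap are hypothetical names and an assumed value, and `linkify` stands for whatever callable performs the link detection (in a Django project, `django.utils.html.urlize`).

```python
import html
import re

# Fixed releases named in the advisory text, keyed by release series.
FIXED_IN = {(5, 0): (5, 0, 8), (4, 2): (4, 2, 15)}
MAX_URLIZE_CHARS = 10_000  # assumed cap; tune to the longest legitimate field


def is_affected(version: str) -> bool:
    """True if `version` falls in a range the advisory lists as affected."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parsed = tuple(int(p or 0) for p in m.groups())
    fixed = FIXED_IN.get(parsed[:2])
    # Series the advisory does not mention are reported as not affected here.
    return fixed is not None and parsed < fixed


def guarded_urlize(value, linkify, max_chars: int = MAX_URLIZE_CHARS) -> str:
    """Run `linkify` only on inputs at or under `max_chars`.

    Oversized input is HTML-escaped and returned without link detection,
    so the expensive scan never sees it and the text still renders safely.
    """
    text = str(value)
    if len(text) > max_chars:
        return html.escape(text)
    return linkify(text)


if __name__ == "__main__":
    # Constructed stand-in for django.utils.html.urlize, so the demo runs offline.
    def fake_linkify(text):
        return re.sub(r"(https?://\S+)", r'<a href="\1">\1</a>', html.escape(text))

    print(is_affected("5.0.7"), is_affected("4.2.15"))
    print(guarded_urlize("see https://example.com", fake_linkify))
    print(len(guarded_urlize("<" * 50_000, fake_linkify)))
```

The guard is a stopgap for deployments that cannot yet move to a fixed release; enforcing the same limit at form or serializer validation rejects oversized input before it is stored.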
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | ||
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Not affected | ||
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification | Not affected | ||
Red Hat Certification for Red Hat Enterprise Linux 9 | redhat-certification | Not affected | ||
Red Hat Discovery | discovery-server-container | Affected | ||
Red Hat Satellite 6 | python-django | Affected | ||
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-django | Fixed | RHSA-2024:6428 | 05.09.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 9 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
Additional information
Status:
7.5 High
CVSS3