Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-41990

Опубликовано: 06 авг. 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

A flaw was found in Django. Processing very large inputs with a specific sequence of characters with the urlize and urlizetrunc functions can cause a denial of service.

Меры по смягчению последствий

Implementing input validation and limiting the the size of inputs to the urlize and urlizetrunc will mitigate this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-dellemc-openmanage-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/platform-resource-runner-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-25/lightspeed-rhel8Not affected
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certificationNot affected
Red Hat Certification Program for Red Hat Enterprise Linux 9redhat-certificationNot affected
Red Hat Discovery 1discovery-server-containerAffected
Red Hat Satellite 6python-djangoAffected
Red Hat Ansible Automation Platform 2.4 for RHEL 8automation-controllerFixedRHSA-2024:642805.09.2024
Red Hat Ansible Automation Platform 2.4 for RHEL 8python3x-djangoFixedRHSA-2024:642805.09.2024
Red Hat Ansible Automation Platform 2.4 for RHEL 9automation-controllerFixedRHSA-2024:642805.09.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-130
https://bugzilla.redhat.com/show_bug.cgi?id=2302434python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()

EPSS

Процентиль: 67%
0.00537
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-41990

CVSS3: 7.5
ubuntu
больше 1 года назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

nvd логотип

CVE-2024-41990

CVSS3: 7.5
nvd
больше 1 года назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

debian логотип

CVE-2024-41990

CVSS3: 7.5
debian
больше 1 года назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...

suse-cvrf логотип

SUSE-SU-2024:2861-1

suse-cvrf
больше 1 года назад

Security update for python-Django

github логотип

GHSA-795c-9xpc-xw6g

CVSS3: 5.3
github
больше 1 года назад

Django vulnerable to a denial-of-service attack

EPSS

Процентиль: 67%
0.00537
Низкий

7.5 High

CVSS3