CVE-2024-24680 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=3.2 <3.2.24 || >=4.2 <4.2.10 || >=5.0 <5.0.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01366 pctl0.79468

Details

Django denial-of-service attack in the intcomma template filter An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Metadata

Created: 2024-02-07T00:30:25Z
Modified: 2024-11-18T16:26:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-xxj9-f6rv-m3x4/GHSA-xxj9-f6rv-m3x4.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-xxj9-f6rv-m3x4
Finding: F002
Auto approve: 1