CVE-2024-41989 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=5.0 <5.0.8 || >=4.2 <4.2.15
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00354 (percentile 0.56971)
Details
Django memory consumption vulnerability
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Metadata
Created: 2024-08-07T15:30:42Z
Modified: 2024-08-07T19:01:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-jh75-99hh-qvx9/GHSA-jh75-99hh-qvx9.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-jh75-99hh-qvx9
Finding: F067
Auto approve: 1