CVE-2024-45230 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=5.1 <5.1.1 || >=5.0 <5.0.9 || >=4.2 <4.2.16

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00326 pctl0.54885

Details

Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Metadata

Created: 2024-10-08T18:33:13Z
Modified: 2024-10-30T19:03:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-5hgc-2vfp-mqvc/GHSA-5hgc-2vfp-mqvc.json
CWE IDs: ["CWE-120", "CWE-400"]
Alternative ID: GHSA-5hgc-2vfp-mqvc
Finding: F002
Auto approve: 1