CVE-2024-41991

EPSS 0.28%
Veröffentlicht 07.08.2024 15:15:56
Zuletzt bearbeitet 07.08.2024 20:48:22
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Djangoproject ≫ Django Version >= 4.2 < 4.2.15

Djangoproject ≫ Django Version >= 5.0 < 5.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-130 Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

https://docs.djangoproject.com/en/dev/releases/security/

Patch

Vendor Advisory

https://groups.google.com/forum/#%21forum/django-announce

Not Applicable

https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41991

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41991

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41991

EUVD