CVE-2024-41989
- EPSS 1.2%
- Veröffentlicht 07.08.2024 15:15:56
- Zuletzt bearbeitet 04.11.2025 17:16:03
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
CVE-2024-41990
- EPSS 1.26%
- Veröffentlicht 07.08.2024 15:15:56
- Zuletzt bearbeitet 04.11.2025 17:16:03
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
CVE-2024-41991
- EPSS 0.95%
- Veröffentlicht 07.08.2024 15:15:56
- Zuletzt bearbeitet 04.11.2025 17:16:03
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number...
CVE-2024-42005
- EPSS 1.23%
- Veröffentlicht 07.08.2024 15:15:56
- Zuletzt bearbeitet 04.11.2025 17:16:04
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
CVE-2024-38875
- EPSS 1.19%
- Veröffentlicht 10.07.2024 05:15:12
- Zuletzt bearbeitet 04.11.2025 17:15:54
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
CVE-2024-39329
- EPSS 0.89%
- Veröffentlicht 10.07.2024 05:15:12
- Zuletzt bearbeitet 04.11.2025 17:15:54
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an un...
CVE-2024-39330
- EPSS 1.01%
- Veröffentlicht 10.07.2024 05:15:12
- Zuletzt bearbeitet 04.11.2025 17:15:54
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class,...
CVE-2024-39614
- EPSS 28.64%
- Veröffentlicht 10.07.2024 05:15:12
- Zuletzt bearbeitet 04.11.2025 17:15:55
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
CVE-2024-27351
- EPSS 1.85%
- Veröffentlicht 15.03.2024 20:15:09
- Zuletzt bearbeitet 04.11.2025 19:17:03
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack vi...
CVE-2024-24680
- EPSS 1.61%
- Veröffentlicht 06.02.2024 22:16:15
- Zuletzt bearbeitet 04.11.2025 19:16:57
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.