CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score Confidence: Low

EPSS Percentile: 30.6%

Django reports:
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat().
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize().
CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list().
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py39-django42 | < 4.2.15 | UNKNOWN |
FreeBSD | any | noarch | py310-django42 | < 4.2.15 | UNKNOWN |
FreeBSD | any | noarch | py311-django42 | < 4.2.15 | UNKNOWN |
FreeBSD | any | noarch | py310-django50 | < 5.0.8 | UNKNOWN |
FreeBSD | any | noarch | py311-django50 | < 5.0.8 | UNKNOWN |