GoogleOSV:GHSA-XXJ9-F6RV-M3X4Django denial-of-service attack in the intcomma template filter
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
34.7%
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
References
docs.djangoproject.com/en/5.0/releases/security
github.com/django/django
github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
groups.google.com/forum/#%21forum/django-announce
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
nvd.nist.gov/vuln/detail/CVE-2024-24680
www.djangoproject.com/weblog/2024/feb/06/security-releases
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
34.7%