Lucene search
Ubuntu.comUB:CVE-2024-38875HistoryJul 09, 2024 - 12:00 a.m.
CVE-2024-38875
2024-07-0900:00:00
ubuntu.com
ubuntu.com
3
cve-2024-38875
denial-of-service
django.utils.html.urlize()
large number
brackets
upstream
affected
versions
maintenance
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
15.8%
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7.
urlize and urlizetrunc were subject to a potential denial of service attack
via certain inputs with a very large number of brackets.
Notes
| Author | Note |
|---|---|
| alexmurray | upstream advises that only versions 4.2, 5.0 and 5.1 (plus main development branch) are affected but it is likely earlier versions may also be affected but upstream do not mention this as they are no longer maintained by them |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | python-django | < 1:1.11.11-1ubuntu1.21+esm5 | UNKNOWN |
| ubuntu | 20.04 | noarch | python-django | < 2:2.2.12-1ubuntu0.23 | UNKNOWN |
| ubuntu | 22.04 | noarch | python-django | < 2:3.2.12-2ubuntu1.12 | UNKNOWN |
| ubuntu | 23.10 | noarch | python-django | < 3:4.2.4-1ubuntu2.3 | UNKNOWN |
| ubuntu | 24.04 | noarch | python-django | < 3:4.2.11-1ubuntu1.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | python-django | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | python-django | < any | UNKNOWN |
Related
hackerone
hackerone
cvelist
cvelist
CVE-2024-38875
2024-07-10 00:00:00
vulnrichment
vulnrichment
CVE-2024-38875
2024-07-10 00:00:00
debiancve
debiancve
CVE-2024-38875
2024-07-10 05:15:12
cve
cve
CVE-2024-38875
2024-07-10 05:15:12
osv
osv
PYSEC-2024-56
2024-07-10 05:15:00
Django vulnerable to Denial of Service
2024-07-10 06:33:52
CVE-2024-38875
2024-07-09 14:00:00
github
github
Django vulnerable to Denial of Service
2024-07-10 06:33:52
nvd
nvd
CVE-2024-38875
2024-07-10 05:15:12
wolfi
wolfi
CVE-2024-38875 vulnerabilities
2024-09-18 21:11:55
veracode
veracode
Denial Of Service (DoS)
2024-07-11 05:11:20
redhatcve
redhatcve
CVE-2024-38875
2024-07-26 06:30:14
freebsd
freebsd
Django -- multiple vulnerabilities
2024-07-01 00:00:00
nessus
nessus
Fedora 39 : python-django4.2 (2024-a7eef0ca7b)
2024-07-25 00:00:00
Fedora 39 : python-django (2024-82547e3e16)
2024-07-25 00:00:00
Fedora 40 : python-django4.2 (2024-d05d37ead7)
2024-07-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6888-1)
2024-07-10 00:00:00
Django 4.x < 4.2.14, 5.x < 5.0.7 Multiple Vulnerabilities - Linux
2024-07-12 00:00:00
Ubuntu: Security Advisory (USN-6888-2)
2024-07-12 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2024-07-09 00:00:00
Django vulnerabilities
2024-07-11 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: python-django-4.2.14-2.fc40
2024-07-19 01:46:40
[SECURITY] Fedora 40 Update: python-django4.2-4.2.14-1.fc40
2024-07-19 01:46:41
[SECURITY] Fedora 39 Update: python-django4.2-4.2.14-1.fc39
2024-07-19 02:22:03
ibm
ibm
redhat
redhat
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
15.8%
Related for UB:CVE-2024-38875