Lucene search

K

Veracode Vulnerability DatabaseVERACODE:48017

HistoryJul 11, 2024 - 5:11 a.m.

Denial Of Service (DoS)

2024-07-1105:11:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

django

vulnerability

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

Django is vulnerable to Denial Of Service (DoS). The vulnerability is caused when parsing inputs with a very large number of brackets with the urlize and urlizetrunc functions. The vulnerability allows the system to consume resources excessively and potentially lead to a denial of service condition.

References

docs.djangoproject.com/en/dev/releases/security

docs.djangoproject.com/en/dev/releases/security/

github.com/advisories/GHSA-qg2p-9jwr-mmqf

github.com/django/django/commit/7285644640f085f41d60ab0c8ae4e9153f0485db

github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5

github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-56.yaml

groups.google.com/forum/#%21forum/django-announce

www.djangoproject.com/weblog/2024/jul/09/security-releases

www.djangoproject.com/weblog/2024/jul/09/security-releases/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

Related for VERACODE:48017

hackerone1 cvelist1 vulnrichment1 debiancve1 cve1 osv5 github1 ubuntucve1 redhatcve1 nvd1 wolfi1 freebsd1 nessus10 openvas8 ubuntu2 fedora4 ibm1 redhat1