Lucene search

K

Veracode Vulnerability DatabaseVERACODE:48416

HistoryAug 08, 2024 - 8:16 a.m.

Denial Of Service (DoS)

2024-08-0808:16:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

django

dos

vulnerability

unicode

characters

inputs

validation

malicious

payloads

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

21.9%

Django is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the lack of validation for certain inputs with a very large number of Unicode characters in the urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget. Attackers can create malicious payloads with these Unicode characters and cause a Denial Of Service.

References

docs.djangoproject.com/en/dev/releases/security

docs.djangoproject.com/en/dev/releases/security/

github.com/advisories/GHSA-r836-hh6v-rg5g

github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927

github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f

github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml

groups.google.com/forum/#%21forum/django-announce

www.djangoproject.com/weblog/2024/aug/06/security-releases

www.djangoproject.com/weblog/2024/aug/06/security-releases/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

21.9%

Related for VERACODE:48416

osv10 debiancve1 github1 nvd1 redhatcve1 cvelist1 ubuntucve1 vulnrichment1 cve1 openvas3 ubuntu1 nessus5 freebsd1 redhat1