Veracode Vulnerability DatabaseVERACODE:48417Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.9%
Django is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the urlize() and urlizetrunc() template filters processing very large inputs with a specific sequence of characters.
References
docs.djangoproject.com/en/dev/releases/security
docs.djangoproject.com/en/dev/releases/security/
github.com/advisories/GHSA-795c-9xpc-xw6g
github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
groups.google.com/forum/#%21forum/django-announce
www.djangoproject.com/weblog/2024/aug/06/security-releases
www.djangoproject.com/weblog/2024/aug/06/security-releases/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.9%