Lucene search

K

Veracode Vulnerability DatabaseVERACODE:48421

HistoryAug 08, 2024 - 10:31 a.m.

Denial Of Service (DoS)

2024-08-0810:31:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2

django

input validation

vulnerability

excessive memory consumption

dos

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.9%

Django is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate input validation in the floatformat template filter when processing string representations of numbers in scientific notation with large exponents, It allows an attacker to trigger excessive memory consumption, potentially leading to a Denial of Service.

References

docs.djangoproject.com/en/dev/releases/security/

github.com/advisories/GHSA-jh75-99hh-qvx9

github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8

github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b

github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml

groups.google.com/forum/#%21forum/django-announce

groups.google.com/my-groups

www.djangoproject.com/weblog/2024/aug/06/security-releases/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.9%

Related for VERACODE:48421

ubuntucve1 debiancve1 osv10 cvelist1 redhatcve1 nvd1 vulnrichment1 cve1 github1 ubuntu1 nessus5 openvas3 freebsd1 redhat1