CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS Percentile: 21.9%
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inadequate input validation in the floatformat template filter when processing string representations of numbers in scientific notation with large exponents. This allows an attacker to trigger excessive memory consumption, potentially leading to a Denial of Service.
docs.djangoproject.com/en/dev/releases/security/
github.com/advisories/GHSA-jh75-99hh-qvx9
github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
groups.google.com/forum/#%21forum/django-announce
www.djangoproject.com/weblog/2024/aug/06/security-releases/