Vulnerability CVE-2024-24680: Information
Description
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python3-module-django | sisyphus | 4.2.11-alt1 | 4.2.11-alt1 | ALT-PU-2024-4472-2 | 343297 | Fixed |
python3-module-django | sisyphus_e2k | 4.2.11-alt1 | 4.2.11-alt1 | ALT-PU-2024-4587-1 | - | Fixed |
python3-module-django | sisyphus_riscv64 | 4.2.11-alt1 | 4.2.11-alt1 | ALT-PU-2024-4668-1 | - | Fixed |
python3-module-django | sisyphus_loongarch64 | 4.2.11-alt1 | 4.2.11-alt1 | ALT-PU-2024-4593-1 | - | Fixed |
python3-module-django | c10f1 | 3.2.25-alt1 | 3.2.25-alt1 | ALT-PU-2024-3676-2 | 342286 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://groups.google.com/forum/#%21forum/django-announce |
|
https://docs.djangoproject.com/en/5.0/releases/security/ |
|
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ |
|
FEDORA-2024-5c7fb64c74 | |
FEDORA-2024-2ec03ca8cb | |
FEDORA-2024-84fbbbb914 |