VDB
BIT-django-2024-41991
BIT-django-2024-41991
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 4.2.0, 5.0.0, 4.2.0 |
Timeline
- Aug 8, 2024 CVE Published
- Nov 6, 2025 CVE Updated
References
- https://docs.djangoproject.com/en/dev/releases/security/ url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://www.djangoproject.com/weblog/2024/aug/06/security-releases/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-41991 url
- https://security.netapp.com/advisory/ntap-20240905-0007/ url