CVE-2024-24680 — Vulnetix

CVE-2024-24680 PUBLISHED

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

EPSS 1.39% · 80.7th percentile

Risk Scores

EPSS Score

1.39%

80.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	3.2.0, 4.2.0, 5.0.0
Bitnami	django	3.2.0, 4.2.0, 5.0.0

Timeline

Feb 6, 2024 CVE Published
Feb 8, 2024 EPSS Score
Apr 3, 2024 EPSS Score
May 27, 2024 EPSS Score
Jun 23, 2024 EPSS Score
Aug 17, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 10, 2024 EPSS Score
Nov 23, 2024 Coalition ESS Score
Dec 5, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Feb 3, 2025 Coalition ESS Score

References

https://docs.djangoproject.com/en/5.0/releases/security/ url
https://groups.google.com/forum/#%21forum/django-announce url
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/ url
https://nvd.nist.gov/vuln/detail/CVE-2024-24680 url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/ url

Open in Interactive Console →