CVE-2024-41990 — Vulnetix

CVE-2024-41990 PUBLISHED

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

EPSS 1.22% · 79.5th percentile

Risk Scores

EPSS Score

1.22%

79.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	4.2.0, 5.0.0, 4.2.0
Bitnami	django	4.2.0, 5.0.0

Exploit Intelligence

CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() (hackerone)
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() (hackerone)
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() (hackerone)

Timeline

CVE Published
Aug 13, 2024 EPSS Score
Sep 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 14, 2024 EPSS Score
Oct 19, 2024 Coalition ESS Score
Oct 30, 2024 Coalition ESS Score
Nov 4, 2024 EPSS Score
Nov 25, 2024 EPSS Score
Nov 30, 2024 PoC Published
Dec 17, 2024 EPSS Score
Jan 28, 2025 EPSS Score

References

https://docs.djangoproject.com/en/dev/releases/security/ url
https://groups.google.com/forum/#%21forum/django-announce url
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/ url
https://nvd.nist.gov/vuln/detail/CVE-2024-41990 url
https://security.netapp.com/advisory/ntap-20240905-0007/ url

Open in Interactive Console →