VDB
DEBIAN-CVE-2024-41991
DEBIAN-CVE-2024-41991
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | python-django | 0, 0 |
| Debian:13 | python-django | 0, 0 |
| Debian:11 | python-django | *, 0, 2.2.24-1 |
| Debian:12 | python-django | 3:3.2.19-1+deb12u1~bpo11+1, 3:3.2.20-1, * |
Timeline
- Aug 7, 2024 CVE Published
- Apr 28, 2026 CVE Updated