DEBIAN-CVE-2024-41991

DEBIAN-CVE-2024-41991 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Risk Scores

CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products

Vendor | Product | Versions
Debian:14 | python-django | 0, 0
Debian:13 | python-django | 0, 0
Debian:11 | python-django | *, 0, 2.2.24-1
Debian:12 | python-django | 3:3.2.19-1+deb12u1~bpo11+1, 3:3.2.20-1, *

Timeline

  • Aug 7, 2024 CVE Published
  • Apr 28, 2026 CVE Updated