CVE Vulnerabilities

CVE-2024-24680

Published: Feb 06, 2024 | Modified: Apr 20, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Affected Software

Name Vendor Start Version End Version
Django Djangoproject 3.2 (including) 3.2.24 (excluding)
Django Djangoproject 4.2 (including) 4.2.10 (excluding)
Django Djangoproject 5.0 (including) 5.0.2 (excluding)
Red Hat Ansible Automation Platform 2.4 for RHEL 8 RedHat python3x-django-0:4.2.10-1.el8ap *
Red Hat Ansible Automation Platform 2.4 for RHEL 8 RedHat automation-controller-0:4.5.5-2.el8ap *
Red Hat Ansible Automation Platform 2.4 for RHEL 9 RedHat python-django-0:4.2.10-1.el9ap *
Red Hat Ansible Automation Platform 2.4 for RHEL 9 RedHat automation-controller-0:4.5.5-2.el9ap *
Red Hat OpenStack Platform 17.1 for RHEL 9 RedHat python-django-0:2.2.24-8.el9ost *
Red Hat Satellite 6.15 for RHEL 8 RedHat python-django-0:4.2.14-1.el8pc *
Red Hat Satellite 6.15 for RHEL 8 RedHat python-django-0:4.2.14-1.el8pc *
RHUI 4 for RHEL 8 RedHat python-django-0:4.2.11-1.el8ui *
Python-django Ubuntu bionic *
Python-django Ubuntu esm-infra/bionic *
Python-django Ubuntu esm-infra/xenial *
Python-django Ubuntu focal *
Python-django Ubuntu jammy *
Python-django Ubuntu mantic *
Python-django Ubuntu trusty *
Python-django Ubuntu upstream *
Python-django Ubuntu xenial *

References