An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Django | Djangoproject | 4.2 (including) | 4.2.15 (excluding) |
| Django | Djangoproject | 5.0 (including) | 5.0.8 (excluding) |
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-server-rhel9:1.12.0-1 | * |
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-ui-rhel9:1.12.0-1 | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | python3x-django-0:4.2.15-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | python-django-0:4.2.15-1.el9ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 8 | RedHat | automation-controller-0:4.6.2-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.5 for RHEL 9 | RedHat | automation-controller-0:4.6.2-1.el9ap | * |
| RHUI 4 for RHEL 8 | RedHat | python-django-0:4.2.15-1.el8ui | * |
| Python-django | Ubuntu | devel | * |
| Python-django | Ubuntu | esm-infra/bionic | * |
| Python-django | Ubuntu | esm-infra/focal | * |
| Python-django | Ubuntu | focal | * |
| Python-django | Ubuntu | jammy | * |
| Python-django | Ubuntu | noble | * |
| Python-django | Ubuntu | oracular | * |
| Python-django | Ubuntu | plucky | * |
| Python-django | Ubuntu | questing | * |
| Python-django | Ubuntu | trusty/esm | * |
| Python-django | Ubuntu | upstream | * |