Description

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Remediation

References

CVE-2024-24680

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2229)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2024-41991)

Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2007-1741)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.21)

Severity

High

Classification

CVE-2024-24680 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities