Description

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Remediation

References

CVE-2024-41991

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2005-3453)

WordPress Plugin Duplicate Page and Post SQL Injection (2.5.6)

WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.7.0)

Ruby Cryptographic Issues Vulnerability (CVE-2012-5371)

PHP Improper Input Validation Vulnerability (CVE-2014-3480)

Severity

High

Classification

CVE-2024-41991 CWE-1284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities