CVE-2024-24680

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-24680

CGA ID

CGA-7wj7-9876-vw6h

Severity

Unknown

Description

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

References

https://images.chainguard.dev/security/CGA-7wj7-9876-vw6h
https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
https://docs.djangoproject.com/en/5.0/releases/security/
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
https://security-tracker.debian.org/tracker/CVE-2024-24680

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-24680

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources