DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-56374

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-56374

CGA ID

CGA-qq6w-wv4m-p3w5

Severity

5.8

Medium

CVSS V3

Summary

Django has a potential denial-of-service vulnerability in IPv6 validation

Description

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images