CVE-2024-24680
Published 2024-02-06
Priority P3 · 37 · high · CVSS 3.1 base score 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS 1.61% (72.8th percentile)
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < 3:3.2.25-0+deb12u1 (bookworm) | 3:3.2.25-0+deb12u1 (bookworm) |
| djangoproject | django | >= 3.2, < 3.2.24 | 3.2.24 |
| djangoproject | django | >= 4.2, < 4.2.10 | 4.2.10 |
| djangoproject | django | >= 5.0, < 5.0.2 | 5.0.2 |
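Two checks a practitioner would want at this point, as an added example that is not part of this page or of Django's own code: a pin check built from the affected ranges in the table above (answering "is this install in a listed-affected series?"), and a simplified model of the bug class behind the description (inserting one thousands separator per pass and re-scanning the whole string until nothing changes, beside a single-pass grouping that touches each character once). The re-scan model is an assumption used to illustrate the super-linear cost, not Django's source; `AFFECTED_RANGES`, `classify`, `scan_requirements`, `group_thousands_rescan` and `group_thousands_linear` are names introduced here, and the pinned-requirements sample is constructed.

```python
"""Helpers around CVE-2024-24680 (Django intcomma DoS).

Added example, not Django's code. AFFECTED_RANGES is copied from the
advisory table above; the grouping functions are illustrative models
of the bug class (assumption), not Django's implementation.
"""
import re

# (first affected, first fixed) per release series, from the page's table.
AFFECTED_RANGES = [
    ((3, 2, 0), (3, 2, 24)),
    ((4, 2, 0), (4, 2, 10)),
    ((5, 0, 0), (5, 0, 2)),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """'4.2.9' -> (4, 2, 9); '5.0' -> (5, 0, 0).
    Pre-release suffixes ('5.0a1') are ignored, i.e. treated as the .0 release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Django version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version_text):
    """Return ('affected', fixed) / ('fixed', fixed) / ('not listed', None).

    Only the three series on the page are known here; a series the page
    does not list (e.g. an end-of-life 4.1.x) is reported as 'not listed',
    which is not the same as safe.
    """
    v = parse_version(version_text)
    for start, fixed in AFFECTED_RANGES:
        if v[:2] == start[:2]:
            fixed_str = ".".join(map(str, fixed))
            return ("affected" if v < fixed else "fixed", fixed_str)
    return ("not listed", None)


_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#]*)")


def scan_requirements(text):
    """Scan pinned 'name==version' lines (pip freeze / requirements.txt)
    and return (version, status, fixed) for every Django pin found."""
    findings = []
    for line in text.splitlines():
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, version = m.group(1).lower(), m.group(2)
        if name == "django":
            status, fixed = classify(version)
            findings.append((version, status, fixed))
    return findings


# Bug-class illustration (assumption: simplified model, not Django's code).
# One separator per pass with a full re-scan costs ~len(digits)/3 passes,
# each O(len), so total work grows quadratically with the input length.
def group_thousands_rescan(text):
    """Return (grouped, passes); passes grow linearly with the digit count."""
    passes = 0
    while True:
        new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", text)
        if new == text:
            return text, passes
        text = new
        passes += 1


def group_thousands_linear(text):
    """Single pass over the leading digit run; any suffix (decimals,
    non-digit text) is appended untouched."""
    m = re.match(r"-?\d+", text)
    if not m:
        return text
    sign = "-" if text.startswith("-") else ""
    digits = m.group(0).lstrip("-")
    chunks = [digits[max(0, i - 3):i] for i in range(len(digits), 0, -3)]
    return sign + ",".join(reversed(chunks)) + text[m.end():]


if __name__ == "__main__":
    # Constructed sample pin list, not taken from any real project.
    sample = "requests==2.31.0\nDjango==4.2.9\ndjango == 5.0.2\n"
    for version, status, fixed in scan_requirements(sample):
        print(f"Django {version}: {status}" + (f" (fixed in {fixed})" if fixed else ""))
    long_input = "9" * 3000  # constructed long string
    grouped, passes = group_thousands_rescan(long_input)
    print(f"rescan model: {passes} passes for {len(long_input)} digits; "
          f"same result as single pass: {grouped == group_thousands_linear(long_input)}")
```

Read "not listed" as "check the upstream release notes", not as "unaffected"; and note that exposure requires an attacker-controlled string to reach the `intcomma` filter (from `django.contrib.humanize`) in a rendered template, so the pin check tells you whether to upgrade, not whether a given endpoint is reachable.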
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
OSV
Django denial-of-service attack in the intcomma template filter
osv · 2024-02-07 · HIGH
Description: identical to the NVD text above.
GHSA
Django denial-of-service attack in the intcomma template filter
ghsa · 2024-02-07 · HIGH · CWE-770 (Allocation of Resources Without Limits or Throttling)
Description: identical to the NVD text above.
OSV
CVE-2024-24680: An issue was discovered in Django 3
osv · 2024-02-06 · CVSS 7.5 · HIGH
Description: identical to the NVD text above.
Ubuntu
Django vulnerability
vendor_ubuntu · 2024-02-06
Summary: Django could be made to deny service if it received specially crafted input.
It was discovered that Django incorrectly handled certain inputs that use the intcomma template filter. An attacker could possibly use this issue to cause a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Django: denial-of-service in ``intcomma`` template filter
vendor_redhat · 2024-02-06 · CVSS 7.5 · HIGH
Description: identical to the NVD text above.
A vulnerability was found in Django. When used with very long strings, the intcomma template filter was subject to a potential denial of service attack.
Statement: Red Hat has rated this vulnerability as moderate severity because exploitation of this vulnerability is only theoretical in nature and can only result in a denial of service bug.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deploym
Debian
CVE-2024-24680: python-django - An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Djan...
vendor_debian · 2024 · CVSS 7.5 · HIGH
Description: identical to the NVD text above.
Scope: local
Status by release:
bookworm: resolved (fixed in 3:3.2.25-0+deb12u1)
bullseye: resolved (fixed in 2:2.2.28-1~deb11u7)
forky: resolved (fixed in 3:4.2.10-1)
sid: resolved (fixed in 3:4.2.10-1)
trixie: resolved (fixed in 3:4.2.10-1)
No detection rules found.
No public exploits indexed.
References
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
https://docs.djangoproject.com/en/5.0/releases/security/
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
Published 2024-02-06