CVE-2024-39614 — Improper Handling of Length Parameter Inconsistency in Django

CWE-130 — Improper Handling of Length Parameter Inconsistency CWE-1287 — Improper Validation of Specified Type of Input CWE-770 — Allocation of Resources Without Limits or Throttling9 documents7 sources

Severity

7.5HIGHNVD

EPSS

6.8%

top 8.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedJul 10

Latest updateJul 11

Description

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdjangoproject/django4.2 — 4.2.14+1

▶PyPIdjangoproject/django5.0 — 5.0.7+1

🔴Vulnerability Details

OSV

Django vulnerable to Denial of Service↗2024-07-10

▶

CVEList

CVE-2024-39614: An issue was discovered in Django 5↗2024-07-10

▶

OSV

CVE-2024-39614: An issue was discovered in Django 5↗2024-07-10

▶

GHSA

Django vulnerable to Denial of Service↗2024-07-10

▶

📋Vendor Advisories

Ubuntu

Django vulnerabilities↗2024-07-11

▶

Ubuntu

Django vulnerabilities↗2024-07-09

▶

Red Hat

python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()↗2024-07-09

▶

Debian

CVE-2024-39614: python-django - An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_su...↗2024

▶