CVE-2024-45230 — Classic Buffer Overflow in Django

CWE-120 — Classic Buffer Overflow CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

7.5HIGHNVD

EPSS

2.7%

top 14.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedOct 8

Latest updateFeb 5

Description

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdjangoproject/django4.2.0 — 4.2.16+2

▶PyPIdjangoproject/django5.1 — 5.1.1+2

🔴Vulnerability Details

OSV

CVE-2024-45230: An issue was discovered in Django 5↗2024-10-08

▶

GHSA

Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters↗2024-10-08

▶

OSV

Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters↗2024-10-08

▶

CVEList

CVE-2024-45230: An issue was discovered in Django 5↗2024-10-08

▶

OSV

python-django vulnerabilities↗2024-09-03

▶

📋Vendor Advisories

Ubuntu

Django vulnerabilities↗2024-09-03

▶

Red Hat

python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()↗2024-09-03

▶

Debian

CVE-2024-45230: python-django - An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 be...↗2024

▶

💬Community

HackerOne

CVE-2024-45230 - Potential denial-of-service in django.utils.html.urlize() (Another pattern)↗2025-02-05

▶