CVE-2024-41990

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 7, 2024

CWE ID 130

Summary

CVE-2024-41990 is a newly disclosed vulnerability affecting Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. This issue lies in the urlize() and urlizetrunc() template filters, which can be exploited through very large inputs containing a specific character sequence. Attackers can leverage this vulnerability to mount a denial-of-service attack, potentially causing the affected application to crash or consume excessive resources. It is essential for Django users to upgrade their software to the latest patch releases as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Django

Affected Vendors

Django Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xPXEzJ
https://www.cve.org/CVERecord?id=CVE-2024-41990
https://nvd.nist.gov/vuln/detail/CVE-2024-41990

Back to Vulnerability Database