Veracode Vulnerability DatabaseVERACODE:45408Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.7%
Django is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient string processing within the intcomma template filter when a long string is parsed. This issue can be exploited by an attacker to cause DoS.
References
docs.djangoproject.com/en/5.0/releases/security/
github.com/advisories/GHSA-xxj9-f6rv-m3x4
github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
groups.google.com/forum/#%21forum/django-announce
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
www.djangoproject.com/weblog/2024/feb/06/security-releases/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.7%