CVE-2024-24680

Django denial-of-service attack in the intcomma template filter in pypi/Django

Identifiers

GHSA-xxj9-f6rv-m3x4, CVE-2024-24680

Package Slug

pypi/Django

Vulnerability

Django denial-of-service attack in the intcomma template filter

Description

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Affected Versions

All versions before 3.2.24; all versions from 4.2 up to, but not including, 4.2.10; all versions from 5.0 up to, but not including, 5.0.2.

Solution

Upgrade to versions 3.2.24, 4.2.10, 5.0.2 or above.
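
One way to check a pinned Django version against the ranges listed above. This is an added example, not code from the advisory or from the Django project; the function names and the sample requirements text are constructed for illustration.

```python
import re

# Ranges as listed under "Affected Versions": (inclusive lower bound or None,
# exclusive upper bound, which is the first fixed release of that series).
AFFECTED_RANGES = [
    (None, (3, 2, 24)),
    ((4, 2, 0), (4, 2, 10)),
    ((5, 0, 0), (5, 0, 2)),
]

PIN = re.compile(r"^\s*django\s*==\s*([^\s;#]+)", re.IGNORECASE)


def parse_release(version):
    """Numeric release as a 3-tuple; suffixes such as 'rc1' are dropped,
    so a pre-release is judged like the x.y.0 it precedes (conservative)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    v = parse_release(version)
    return any((low is None or v >= low) and v < high
               for low, high in AFFECTED_RANGES)


def audit_requirements(text):
    """Return the exact Django pins in a requirements file that are affected."""
    hits = []
    for line in text.splitlines():
        m = PIN.match(line)
        if m and is_affected(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample input, not taken from any real project.
SAMPLE = """\
django-filter==23.5
Django==4.2.9  # pinned
requests==2.31.0
"""

if __name__ == "__main__":
    for v in ("3.2.23", "3.2.24", "4.1.13", "4.2.9", "5.0.1", "5.0.2"):
        print(v, "affected" if is_affected(v) else "not in listed ranges")
    print(audit_requirements(SAMPLE))
```

Series the page does not list, such as 4.0 and 4.1, fall outside its ranges, so the check reports them as not in the listed ranges rather than as fixed.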

Last Modified

2024-02-07
