CVSS 3.1 Score 6.1 of 10 (medium)


Published Jun 26, 2024


CVE-2024-21520 affects versions of the djangorestframework package before 3.15.2. It is classified as a Cross-site Scripting (XSS) vulnerability, which allows malicious actors to inject and execute arbitrary script code in a website's pages. The vulnerability occurs in the break_long_headers template filter, which does not properly sanitize its input before splitting it and joining the pieces with <br> tags. The affected products are 'wptVgl' and 'wptWPW'. To remediate this vulnerability, organizations should update their djangorestframework package to version 3.15.2 or newer. If left unaddressed, this vulnerability poses a medium risk to organizations, as it could lead to unauthorized access, data theft, or other malicious activities on their websites or web applications.
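The split-and-join pattern described above, next to a hardened form, as an added sketch that is not djangorestframework's own code. `Safe`, `render`, the `LONG` threshold and `SAMPLE` are assumptions made for illustration, modelling a template engine that autoescapes everything not marked safe.

```python
from html import escape

LONG = 160  # assumed length threshold for this sketch


class Safe(str):
    """Stand-in for a template engine's 'already safe, do not escape' string."""


def render(value):
    """Model of template autoescaping: escape everything not marked Safe."""
    return value if isinstance(value, Safe) else escape(value)


def break_long_headers_unsafe(header):
    # Inserts <br> and marks the whole result safe, so any markup already
    # present in the header value is emitted verbatim.
    if len(header) > LONG and "," in header:
        return Safe("<br> " + ", <br>".join(header.split(",")))
    return header


def break_long_headers_fixed(header):
    # Escape the untrusted value first; only the <br> tags added here
    # remain live markup.
    if len(header) > LONG and "," in header:
        return Safe("<br> " + ", <br>".join(escape(header).split(",")))
    return header


# Constructed sample: a long, comma-separated header value carrying markup.
SAMPLE = "<script>alert(1)</script>," + ",".join(["text/html"] * 20)

if __name__ == "__main__":
    print(render(break_long_headers_unsafe(SAMPLE))[:60])
    print(render(break_long_headers_fixed(SAMPLE))[:60])
```

Short values never reach the join and are still autoescaped by `render`, which is why only long, comma-separated values expose the difference between the two variants.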
