CVE-2024-41991
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 7, 2024
CWE ID 130
CWE ID 1284
Summary
CVE-2024-41991 is a denial-of-service vulnerability affecting Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. Maliciously crafted inputs containing a vast number of Unicode characters can exploit the urlize and urlizetrunc template filters and the AdminURLFieldWidget widget, resulting in excessive memory consumption and potential server crashes. The impact is on availability: affected services and applications may become unavailable. Users are urged to update their Django installations to mitigate this risk.
Affected Products
- Django
Affected Vendors
- Django Software Foundation