CVE-2024-41991

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 7, 2024
CWE ID 130
CWE ID 1284

Summary

CVE-2024-41991 is a denial-of-service vulnerability affecting Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. Maliciously crafted inputs containing a vast number of Unicode characters can trigger excessive memory consumption in the urlize and urlizetrunc template filters and in the AdminURLFieldWidget widget, potentially crashing the server. This may render services unavailable and impact application availability. Users are urged to update their Django installations to mitigate this risk.


Affected Products

  • Django

Affected Vendors

  • Django Software Foundation