PT-2024-1785 · Django+6

Seokchan Yoon · Published 2024-02-06 · Updated 2026-01-03 · CVE-2024-24680

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 3.2 before 3.2.24
Django versions 4.2 before 4.2.10
Django versions 5.0 before 5.0.2

Description

The intcomma template filter is subject to a potential denial-of-service attack when it is used with very long strings. A remote attacker who can get such a string processed by the filter could cause a denial of service. The vulnerability is classified as uncontrolled resource consumption.

Recommendations

For Django versions 3.2 before 3.2.24, update to version 3.2.24 or later.
For Django versions 4.2 before 4.2.10, update to version 4.2.10 or later.
For Django versions 5.0 before 5.0.2, update to version 5.0.2 or later.

As a temporary workaround, avoid using the intcomma template filter with very long strings until a patched version can be applied.

Weakness Enumeration

Improper Resource Release
Allocation of Resources Without Limits

Related Identifiers

ALT-PU-2024-3676
ALT-PU-2024-4472
ALT-PU-2024-8036
ALT-PU-2025-10176
BDU:2024-01517
BIT-DJANGO-2024-24680
CVE-2024-24680
DLA-4210-1
GHSA-XXJ9-F6RV-M3X4
OESA-2024-1163
OESA-2024-1164
OESA-2024-1165
OESA-2024-1166
OESA-2024-1167
OESA-2024-1229
OPENSUSE-SU-2024:13673-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2024-28
RHSA-2024:1057
RHSA-2024:1640
RHSA-2024:1878
RHSA-2024:2731
RHSA-2024:5662
SUSE-SU-2024:0874-1
SUSE-SU-2024:0875-1
USN-6623-1

Affected Products

Alt Linux
Astra Linux
Debian
Django
Linuxmint
Red Os
Ubuntu