PT-2024-5930 · Django+7

Mprogrammer · Published 2024-08-24 · Updated 2026-01-03 · CVE-2024-45230

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Django versions 4.2 through 4.2.15
Django versions 5.0 through 5.0.8
Django versions 5.1 through 5.1.0

Description

The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. This issue can be exploited by an attacker to cause a denial-of-service.

Recommendations

Django versions 4.2 through 4.2.15: Update to version 4.2.16.
Django versions 5.0 through 5.0.8: Update to version 5.0.9.
Django versions 5.1 through 5.1.0: Update to version 5.1.1.

As a temporary workaround, consider disabling the urlize() and urlizetrunc() functions until a patch is available.

Fix

DoS

Resource Exhaustion

Buffer Overflow

Improper Resource Release

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15283
ALT-PU-2025-10176
BDU:2024-06736
BDU:2025-09401
BIT-DJANGO-2024-45230
CVE-2024-45230
GHSA-5HGC-2VFP-MQVC
MGASA-2025-0039
OESA-2024-2278
OESA-2024-2279
OESA-2024-2280
OESA-2024-2281
OESA-2024-2282
OPENSUSE-SU-2024:0282-1
OPENSUSE-SU-2024:14310-1
OPENSUSE-SU-2024:14318-1
OPENSUSE-SU-2024_3139-1
OPENSUSE-SU-2024_3161-1
OPENSUSE-SU-2024_3187-1
OPENSUSE-SU-2026:10005-1
PYSEC-2024-102
RHSA-2024:8534
SUSE-SU-2024:3139-1
SUSE-SU-2024:3161-1
SUSE-SU-2024:3187-1
USN-6987-1

Affected Products

Alt Linux
Astra Linux
Debian
Django
Linuxmint
Red Os
Suse
Ubuntu