PT-2024-6068 · Django+6

Mprogrammer · Published 2024-07-05 · Updated 2026-01-03 · CVE-2024-39614

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 4.2 through 4.2.13
Django versions 5.0 through 5.0.6

Description

The issue is in Django's get_supported_language_variant() function, which is subject to a potential denial-of-service attack when called with very long strings containing specific characters. A remote attacker could use this to cause a denial of service.

Recommendations

For Django versions 4.2 through 4.2.13, update to version 4.2.14 or later.
For Django versions 5.0 through 5.0.6, update to version 5.0.7 or later.
As a temporary workaround, consider restricting the input to the get_supported_language_variant() function so that very long strings are not processed.
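
An added example (not code from Django or from this advisory) of the two recommendations above: checking a pinned version against the affected ranges listed here, and capping input length before the call. `MAX_LANG_CODE_LEN`, the helper names and the stub resolver are assumptions; in a project the resolver would be `django.utils.translation.get_supported_language_variant`.

```python
import re

# Affected patch ranges and first fixed release, as listed in this advisory.
AFFECTED = {(4, 2): (0, 13, "4.2.14"), (5, 0): (0, 6, "5.0.7")}

# Assumed cap for the temporary workaround; the advisory gives no number.
MAX_LANG_CODE_LEN = 64


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple; pre-releases are rejected."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def fixed_release_needed(version_text):
    """Return the release to upgrade to, or None if outside the listed ranges."""
    major, minor, patch = parse_version(version_text)
    entry = AFFECTED.get((major, minor))
    if entry and entry[0] <= patch <= entry[1]:
        return entry[2]
    return None


def guarded_variant(resolver, lang_code, strict=False):
    """Reject over-long input before it reaches the resolver.

    LookupError is what get_supported_language_variant() raises for an
    unknown code, so existing callers already handle it.
    """
    if not isinstance(lang_code, str) or len(lang_code) > MAX_LANG_CODE_LEN:
        raise LookupError("language code rejected by length cap")
    return resolver(lang_code, strict)


if __name__ == "__main__":
    # Constructed inputs: pinned versions and a stub standing in for Django.
    for pinned in ("4.2.13", "4.2.14", "5.0", "5.0.7"):
        print(pinned, "->", fixed_release_needed(pinned) or "not in listed ranges")
    stub = lambda code, strict=False: code.lower()
    print(guarded_variant(stub, "en-GB"))
    try:
        guarded_variant(stub, "en-" + "-" * 5000)
    except LookupError as exc:
        print("blocked:", exc)
```

The length guard is only the temporary workaround; the version check tells you which release removes the need for it.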

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

ALT-PU-2024-10534
ALT-PU-2025-10176
BDU:2024-06892
BIT-DJANGO-2024-39614
CVE-2024-39614
GHSA-F6F8-9MX6-9MX2
MGASA-2025-0039
OESA-2024-1974
OESA-2024-2003
OESA-2024-2004
OESA-2024-2036
OESA-2024-2280
OPENSUSE-SU-2024:0251-1
OPENSUSE-SU-2024:14203-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2024_2545-1
OPENSUSE-SU-2026:10005-1
PYSEC-2024-59
RHSA-2024:6428
RHSA-2024:8906
RHSA-2024:9481
RHSA-2025:1335
SUSE-SU-2024:2545-1
SUSE-SU-2024:2577-1
USN-6888-1
USN-6888-2

Affected Products

Alt Linux
Astra Linux
Debian
Django
Linuxmint
Suse
Ubuntu