CVE-2024-38875
Published: 9 July 2024
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
Notes
Author | Note |
---|---|
alexmurray | upstream advises that only versions 4.2, 5.0 and 5.1 (plus main development branch) are affected but it is likely earlier versions may also be affected but upstream do not mention this as they are no longer maintained by them |
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | bionic | Released (1:1.11.11-1ubuntu1.21+esm5). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
python-django | focal | Released (2:2.2.12-1ubuntu0.23) |
python-django | jammy | Released (2:3.2.12-2ubuntu1.12) |
python-django | mantic | Released (3:4.2.4-1ubuntu2.3) |
python-django | noble | Released (3:4.2.11-1ubuntu1.1) |
python-django | trusty | Needs triage |
python-django | upstream | Needs triage |
python-django | xenial | Needs triage |