CVE-2024-39614
Published: 9 July 2024
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
Notes
| Author | Note |
|---|---|
| alexmurray |
upstream advises that only versions 4.2, 5.0 and 5.1 (plus main development branch) are affected but it is likely earlier versions may also be affected but upstream do not mention this as they are no longer maintained by them |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python-django
Launchpad, Ubuntu, Debian |
bionic |
Released
(1:1.11.11-1ubuntu1.21+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(2:2.2.12-1ubuntu0.23)
|
|
| jammy |
Released
(2:3.2.12-2ubuntu1.12)
|
|
| mantic |
Released
(3:4.2.4-1ubuntu2.3)
|
|
| noble |
Released
(3:4.2.11-1ubuntu1.1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|