View all vulnerabilities

CVE-2024-24680

Django denial-of-service attack in the intcomma template filter

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.8
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
django >= 3.2 < 3.2.24; django >= 4.2 < 4.2.10; django >= 5.0 < 5.0.2
Severity
Medium
Ecosystem
Python
Publish Date
February 6, 2024
Modified Date
November 20, 2024