CVE-2024-24680

Django denial-of-service attack in the intcomma template filter

Description

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

5.9

Severity

Medium

Ecosystem

Python

Publish Date

February 6, 2024

Modified Date

June 10, 2026

Score Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions