#VU96742 Resource management error in Django - CVE-2024-45230

Cybersecurity Help s.r.o.

Published: 2024-09-03

Vulnerability identifier: #VU96742

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-45230

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Django
Web applications / CMS

Vendor: Django Software Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in urlize and urlizetrunc. A remote attacker can pass very large inputs with a specific sequence of characters the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Django: 4.2 - 4.2.15, 5.0 - 5.1

External links
http://www.djangoproject.com/weblog/2024/sep/03/security-releases/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Edge Data Collector

Multiple vulnerabilities in Migration Toolkit for Containers 1.8

Multiple vulnerabilities in Ansible Automation Platform 2.5 packages

openEuler 22.03 LTS SP4 update for python-django

openEuler 22.03 LTS SP3 update for python-django

openEuler 20.03 LTS SP4 update for python-django

openEuler 22.03 LTS SP1 update for python-django

openEuler 24.03 LTS update for python-django

Oracle Solaris update for third-party components

SUSE update for python-Django