Vulnerability details: VCID-adsn-8dtx-aaan
Vulnerability ID VCID-adsn-8dtx-aaan
Aliases BIT-django-2024-41990
CVE-2024-41990
GHSA-795c-9xpc-xw6g
PYSEC-2024-68
Summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Weaknesses (4)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00333 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00537 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
epss 0.00664 https://api.first.org/data/v1/epss?cve=CVE-2024-41990
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-795c-9xpc-xw6g
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 5.3 https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
generic_textual MODERATE https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
cvssv3.1 5.3 https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
generic_textual MODERATE https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
cvssv3.1 5.3 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
cvssv3.1 3.7 https://groups.google.com/forum/#%21forum/django-announce
generic_textual MODERATE https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-41990
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-41990
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-41990
cvssv3.1 9.1 https://www.djangoproject.com/weblog/2024/aug/06/security-releases
generic_textual CRITICAL https://www.djangoproject.com/weblog/2024/aug/06/security-releases
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41990
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41990
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.djangoproject.com/weblog/2024/aug/06/security-releases
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.22280
EPSS Score 0.00053
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-31T12:46:41.782444+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc4