Vulnerability details: VCID-q4q6-yfng-aaag

Vulnerability ID  VCID-q4q6-yfng-aaag
Aliases           BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
Summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (when called with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. The issue exists because the fixes for CVE-2019-14232 and CVE-2023-43665 were incomplete. Only code paths that truncate attacker-controlled text in HTML mode are named in this advisory; Truncator.words() with html=False and the plain truncatewords filter are not.
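The summary names the mechanism (a regular expression that backtracks catastrophically on crafted input) but not the defensive pattern. The following is an added example written for this page; it is not Django's code and not Django's fix. It shows an HTML-aware word truncator that walks the input once, left to right, tracks open tags on a stack and never hands the input to a backtracking regex. The function names, the void-element list, the `…` marker and the sample inputs are the example's own assumptions.

```python
import re

# Void elements never have a closing tag, so they are not tracked on the open-tag stack
# (list assumed for the example; taken from the HTML living standard).
VOID_ELEMENTS = frozenset({
    "area", "base", "br", "col", "embed", "hr", "img", "input",
    "link", "meta", "source", "track", "wbr",
})
# Extracts the tag name from "<p ...>" or "</p>". No nested or overlapping quantifiers,
# so it cannot backtrack catastrophically.
_TAG_NAME = re.compile(r"</?\s*([A-Za-z][A-Za-z0-9:-]*)")


def _more_words_ahead(html, i):
    """True if any non-whitespace text outside tags remains at or after index i."""
    n = len(html)
    while i < n:
        ch = html[i]
        if ch.isspace():
            i += 1
        elif ch == "<":
            end = html.find(">", i + 1)
            if end == -1:
                return True  # an unterminated '<' is treated as text
            i = end + 1
        else:
            return True
    return False


def truncate_html_words(html, num_words, truncate="…"):
    """Keep the first num_words words of an HTML fragment in a single pass.

    If text is cut, `truncate` is appended and every still-open tag is closed.
    Whitespace separates words; tags do not. This is not a full HTML parser: a
    literal '>' inside an attribute value or a comment is taken as the end of
    the tag, so sanitize untrusted HTML before relying on the output.
    """
    if num_words <= 0:
        return ""
    out = []
    open_tags = []
    words = 0
    in_word = False
    no_more_gt = False  # once '>' is absent from the remainder, stop searching for it
    i, n = 0, len(html)
    while i < n:
        ch = html[i]
        if ch == "<" and not no_more_gt:
            end = html.find(">", i + 1)
            if end == -1:
                # No '>' anywhere ahead: this and every later '<' is plain text.
                # Remembering that keeps a run of '<' characters linear, not quadratic.
                no_more_gt = True
            else:
                tag = html[i:end + 1]
                m = _TAG_NAME.match(tag)
                if m:
                    name = m.group(1).lower()
                    if tag.startswith("</"):
                        if open_tags and open_tags[-1] == name:
                            open_tags.pop()
                    elif name not in VOID_ELEMENTS and not tag.endswith("/>"):
                        open_tags.append(name)
                out.append(tag)
                i = end + 1
                continue
        if ch.isspace():
            if in_word:
                in_word = False
                if words == num_words:
                    if _more_words_ahead(html, i):
                        out.append(truncate)
                        out.extend(f"</{t}>" for t in reversed(open_tags))
                        return "".join(out)
                    out.append(html[i:])  # only whitespace and tags remain: keep them
                    return "".join(out)
            out.append(ch)
        else:
            if not in_word:
                in_word = True
                words += 1
            out.append(ch)
        i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: an ordinary fragment and a long run of '<' with no closing '>'.
    print(truncate_html_words("<p>The quick <b>brown</b> fox jumps</p>", 3))
    print(len(truncate_html_words("<" * 200000 + " a b", 1)))
```

The second demo input is the kind of string that punishes a tag-or-word regex: two hundred thousand `<` characters with no `>`. The scanner above looks for `>` once, records that none exists, and then treats the rest as text, so the cost stays proportional to the input length. A cap on input size before truncation is a cheap additional control regardless of how the truncator is written.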
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
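As an added example, not part of this page and not VulnerableCode's own code: a check that maps the version ranges stated in the summary onto pinned Django requirements. The range table, the helper names and the sample requirements text are constructed for the example. Series the advisory does not list (for instance 4.0 and 4.1, which were out of support when the fix shipped) are reported as "unlisted" rather than "fixed", so that an old unlisted pin is not mistaken for a safe one.

```python
import re

# Affected ranges from the advisory summary: series -> first fixed release.
# Anything in a listed series below the fix is affected.
FIXED_IN = {
    (3, 2): (3, 2, 25),
    (4, 2): (4, 2, 11),
    (5, 0): (5, 0, 3),
}

# Leading numeric release segments; a pre-release suffix such as "rc1" is dropped,
# so "5.0rc1" compares as 5.0, which is below 5.0.3 and therefore affected.
_RELEASE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")
# A pinned Django line in a requirements file, e.g. "Django==4.2.10".
_DJANGO_PIN = re.compile(r"^\s*django\s*==\s*(\S+)", re.IGNORECASE)


def parse_release(version):
    m = _RELEASE.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(version):
    """Return 'affected', 'fixed' or 'unlisted' for one Django version string."""
    rel = parse_release(version)
    fixed = FIXED_IN.get(rel[:2])
    if fixed is None:
        return "unlisted"
    padded = rel + (0,) * (len(fixed) - len(rel))  # "5.0" compares as (5, 0, 0)
    return "affected" if padded < fixed else "fixed"


def is_affected(version):
    return assess(version) == "affected"


def scan_requirements(text):
    """Yield (line number, pinned version, status) for every Django pin in a requirements file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _DJANGO_PIN.match(line)
        if m:
            pin = m.group(1).split(";")[0].split("#")[0].strip()  # drop markers and comments
            findings.append((lineno, pin, assess(pin)))
    return findings


# Constructed sample requirements file, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.31.0
Django==4.2.10  # pinned some time ago
djangorestframework==3.14.0
"""

if __name__ == "__main__":
    for lineno, pin, status in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: Django=={pin} -> {status}")
```

Run it against `pip freeze` output or a lock file export; anything reported as "affected" needs the 3.2.25, 4.2.11 or 5.0.3 release (or later in its series), and anything "unlisted" needs a separate decision about whether the series is still supported at all.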
Scores by source

System           Score     Found at
cvssv3           7.5       https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
epss             0.00044   https://api.first.org/data/v1/epss?cve=CVE-2024-27351
                           (further EPSS values recorded from the same source, duplicate rows collapsed:
                           0.00179, 0.00184, 0.0021, 0.00216, 0.0048, 0.00494, 0.00802, 0.00824,
                           0.01221, 0.14762, 0.18816, 0.24658)
cvssv3.1         5.3       https://docs.djangoproject.com/en/5.0/releases/security
generic_textual  MODERATE  https://docs.djangoproject.com/en/5.0/releases/security
cvssv3.1         7.5       https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr      MODERATE  https://github.com/advisories/GHSA-vm8q-m57g-pff3
cvssv3.1         3.7       https://github.com/django/django
generic_textual  MODERATE  https://github.com/django/django
cvssv3.1         5.3       https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
generic_textual  MODERATE  https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
cvssv3.1         5.3       https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
generic_textual  MODERATE  https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
cvssv3.1         5.3       https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
generic_textual  MODERATE  https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
cvssv3.1         5.3       https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
generic_textual  MODERATE  https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
cvssv3.1         3.7       https://groups.google.com/forum/#%21forum/django-announce
generic_textual  MODERATE  https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1         5.3       https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
generic_textual  MODERATE  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
cvssv3.1         5.3       https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
generic_textual  MODERATE  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
cvssv3.1         5.3       https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
generic_textual  MODERATE  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
cvssv3.1         5.3       https://www.djangoproject.com/weblog/2024/mar/04/security-releases
generic_textual  MODERATE  https://www.djangoproject.com/weblog/2024/mar/04/security-releases
cvssv3.1         5.3       http://www.openwall.com/lists/oss-security/2024/03/04/1
generic_textual  MODERATE  http://www.openwall.com/lists/oss-security/2024/03/04/1
References

URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
https://docs.djangoproject.com/en/5.0/releases/security
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
https://www.djangoproject.com/weblog/2024/mar/04/security-releases
http://www.openwall.com/lists/oss-security/2024/03/04/1

Reference id         URL
2266045              https://bugzilla.redhat.com/show_bug.cgi?id=2266045
CVE-2024-27351       https://nvd.nist.gov/vuln/detail/CVE-2024-27351
GHSA-vm8q-m57g-pff3  https://github.com/advisories/GHSA-vm8q-m57g-pff3
RHSA-2024:1878       https://access.redhat.com/errata/RHSA-2024:1878
RHSA-2024:3781       https://access.redhat.com/errata/RHSA-2024:3781
RHSA-2024:5662       https://access.redhat.com/errata/RHSA-2024:5662
RHSA-2025:4187       https://access.redhat.com/errata/RHSA-2025:4187
USN-6674-1           https://usn.ubuntu.com/6674-1/
USN-6674-2           https://usn.ubuntu.com/6674-2/
No exploits are available.
CVSS v3.1 vectors recorded per source (base scores as in the score table above)

Vector                                        Score  Found at
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  7.5    https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  7.5    https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://docs.djangoproject.com/en/5.0/releases/security
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    https://www.djangoproject.com/weblog/2024/mar/04/security-releases
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H  5.3    http://www.openwall.com/lists/oss-security/2024/03/04/1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N  3.7    https://github.com/django/django
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N  3.7    https://groups.google.com/forum/#%21forum/django-announce

Reading the vectors: every source agrees on AV:N (reachable over the network), PR:N (no privileges) and S:U (scope unchanged), and none records an integrity impact. The 7.5 vectors (Red Hat, SUSE) treat the bug as an unauthenticated, low-complexity denial of service (AC:L, UI:N, A:H). The 5.3 vectors (Django's own release notes and most downstream advisories) keep A:H but rate the attack as high complexity with user interaction required (AC:H, UI:R), which reflects that the crafted string must reach a truncatewords_html filter or a Truncator.words(html=True) call on attacker-supplied text. The two 3.7 vectors record a low confidentiality impact and no availability impact (C:L, A:N); that combination does not describe a regular expression denial of service, so treat those two entries as outliers rather than as a third reading of the same bug.
Exploit Prediction Scoring System (EPSS)
Percentile 0.11214
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
History

Date                              Actor         Action  Source                                           VulnerableCode version
2024-04-23T17:19:10.064929+00:00  NVD Importer  Import  https://nvd.nist.gov/vuln/detail/CVE-2024-27351  34.0.0rc4