CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*

History

08 Aug 2024, 20:35

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Django 5.0 anterior a 5.0.8 y 4.2 anterior a 4.2.15. El filtro de plantilla de formato flotante está sujeto a un consumo de memoria significativo cuando se le proporciona una representación de cadena de un número en notación científica con un exponente grande.

07 Aug 2024, 20:50

Type Values Removed Values Added
References () https://docs.djangoproject.com/en/dev/releases/security/ - () https://docs.djangoproject.com/en/dev/releases/security/ - Patch, Vendor Advisory
References () https://groups.google.com/forum/#%21forum/django-announce - () https://groups.google.com/forum/#%21forum/django-announce - Not Applicable
References () https://www.djangoproject.com/weblog/2024/aug/06/security-releases/ - () https://www.djangoproject.com/weblog/2024/aug/06/security-releases/ - Vendor Advisory
CPE cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
First Time Djangoproject django
Djangoproject
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo

07 Aug 2024, 15:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 15:15

Updated : 2024-08-08 20:35


NVD link : CVE-2024-41989

Mitre link : CVE-2024-41989

CVE.ORG link : CVE-2024-41989


JSON object : View

Products Affected

djangoproject

  • django