Improper Handling of Length Parameter Inconsistency in Django

CVE-2024-38875

Django

High

8.7/10

Summary

An issue was discovered in Django versions prior to 4.2.14, 5.0.x prior to 5.0.7, 5.1a1, and 5.1b1. "urlize" and "urlizetrunc" were subject to a potential Denial of Service attack via certain inputs with a very large number of brackets.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-130 - Improper Handling of Length Parameter Inconsistency

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

References

Advisory
Advisory

Advisory Timeline

Published Jul 10, 2024

Improper Handling of Length Parameter Inconsistency in Django

CVE-2024-38875

Summary

CWE-130 - Improper Handling of Length Parameter Inconsistency

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS