Improper Validation of Specified Quantity in Input
CVE-2024-41991
Summary
An issue was discovered in Django versions through 4.2.14, 5.0a1 through 5.0.7, and 5.1a1 through 5.1rc1. The "urlize" and "urlizetrunc" template filters, and the "AdminURLFieldWidget" widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.