CVE-2024-38875: Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Published Jul 5, 2024
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. The urlize and urlizetrunc template filters (and the underlying django.utils.html.urlize function) were subject to a potential denial of service attack: input containing a very large number of brackets made them consume excessive processing time. Because these filters are typically applied to user-supplied text (comments, messages, profile fields), the bracket-heavy input can arrive in an ordinary request body from an unauthenticated client.
Affected Software (6 affected components; fixes available)

Component                                   Affected versions                              Fixed in
pip/Django                                  >=5.0, <5.0.7                                   5.0.7
pip/Django                                  >=4.2, <4.2.14                                  4.2.14
debian/python-django                        <=2:2.2.28-1~deb11u2, <=3:3.2.19-1+deb12u1      3:4.2.16-1
IBM Storage Defender - Resiliency Service   2.0.0 - 2.0.9                                   not listed
djangoproject Django                        >=4.2, <4.2.14                                  not listed
djangoproject Django                        >=5.0, <5.0.7                                   not listed
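The ranges in the table above are what an engineer actually needs to act on. The following script, added here as an illustration and not code from Django, Debian, IBM or any other source on this page, checks Django pins from `pip freeze` output against the upstream ranges (4.2 before 4.2.14, 5.0 before 5.0.7), flags series older than 4.2 that received no upstream fix, and, if Django happens to be importable, times `urlize()` on a bracket-heavy string of the kind the advisory describes. The `pip freeze` sample is constructed, the 20,000-bracket input size is an arbitrary choice, and pre-release tags are deliberately ignored by the version parser.

```python
"""Added example (not code from Django or from this page's advisory sources):
check Django versions from a pip-freeze listing against the CVE-2024-38875
affected ranges, and optionally time urlize() on a bracket-heavy input."""
import re
import time

# Affected ranges as listed on this page: 4.2 before 4.2.14 and 5.0 before 5.0.7.
# Each entry: (first affected version, first fixed version).
AFFECTED_RANGES = (
    ((4, 2, 0), (4, 2, 14)),
    ((5, 0, 0), (5, 0, 7)),
)
# Upstream only assessed the 4.2 and 5.0 series; older series (Debian still
# ships 2.2 and 3.2 packages) get no upstream fix and are flagged separately.
OLDEST_UPSTREAM_ASSESSED = (4, 2, 0)


def parse_version(text):
    """'4.2.14' -> (4, 2, 14); '5.0' -> (5, 0, 0).
    Assumption: pre-release tags are dropped, so '4.2.14rc1' reads as 4.2.14;
    a release candidate may therefore be reported as fixed when it is not."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        if m is None:
            raise ValueError(f"unparseable Django version: {text!r}")
        parts.append(int(m.group()))
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    """Return (status, fixed_in) for one Django version string.
    status is 'vulnerable', 'not_affected' or 'unsupported_upstream'."""
    v = parse_version(version)
    for first_bad, first_fixed in AFFECTED_RANGES:
        if first_bad <= v < first_fixed:
            return "vulnerable", ".".join(map(str, first_fixed))
    if v < OLDEST_UPSTREAM_ASSESSED:
        return "unsupported_upstream", None
    return "not_affected", None


def scan_freeze(freeze_text):
    """Find Django pins in `pip freeze` output and classify each one.
    Returns a list of (distribution, version, status, fixed_in)."""
    results = []
    for line in freeze_text.splitlines():
        # Matches 'Django==x' only; 'django-filter==...' does not qualify.
        m = re.match(r"\s*(django)\s*==\s*([0-9][^\s;#]*)", line, re.IGNORECASE)
        if m:
            status, fixed_in = classify(m.group(2))
            results.append((m.group(1), m.group(2), status, fixed_in))
    return results


def probe_urlize(bracket_count=20_000):
    """If Django is importable, time urlize() on text wrapped in many brackets
    (the input class named in the advisory). Returns elapsed seconds, or None
    when Django is not installed. bracket_count is an arbitrary choice."""
    try:
        from django.utils.html import urlize
    except ImportError:
        return None
    text = "(" * bracket_count + "https://example.com" + ")" * bracket_count
    start = time.perf_counter()
    urlize(text)
    return time.perf_counter() - start


# Constructed sample of `pip freeze` output, not taken from any real project.
SAMPLE_FREEZE = """\
asgiref==3.8.1
Django==4.2.13
django-filter==24.2
sqlparse==0.5.0
"""

if __name__ == "__main__":
    for dist, ver, status, fixed_in in scan_freeze(SAMPLE_FREEZE):
        hint = f" -> upgrade to {fixed_in}" if fixed_in else ""
        print(f"{dist}=={ver}: {status}{hint}")
    elapsed = probe_urlize()
    if elapsed is not None:
        print(f"urlize() on bracket-heavy input took {elapsed:.2f}s")
```

Run it against the real `pip freeze` output of each deployment; a `unsupported_upstream` result for a Debian-packaged Django means the distribution's own fixed package version (3:4.2.16-1 in the table) is the thing to check, not the upstream range.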
Event History

Jul 5, 2024
  09:58 AM  Data sourced via Red Hat (description, severity, affected software)
Jul 10, 2024
  12:00 AM  CVE published via MITRE
  12:00 AM  Data sourced via MITRE (description)
  05:15 AM  Data sourced via NVD (description, severity, weakness)
  05:15 AM  Data sourced via NVD (affected software)
  06:33 AM  Advisory published via GitHub
Sep 15, 2024
  07:46 PM  Data sourced via Ubuntu (remedy, description, severity, affected software)
Dec 18, 2024
  12:00 AM  Data sourced via IBM (description, affected software)
Frequently Asked Questions

1. What is the severity of CVE-2024-38875?
CVE-2024-38875 is a denial-of-service issue: crafted input with a very large number of brackets makes the urlize and urlizetrunc filters consume excessive processing time, so an attacker can tie up worker processes with ordinary requests. No numeric score is recorded on this page; the severity ratings come from the individual sources (Red Hat, NVD, Ubuntu) listed in the event history.

2. How do I fix CVE-2024-38875?
Upgrade to Django 4.2.14 or 5.0.7 (or later in the respective series). Debian users should move to the fixed python-django package (3:4.2.16-1 is the version listed above).

3. Which versions of Django are affected by CVE-2024-38875?
Upstream lists the 4.2 series before 4.2.14 and the 5.0 series before 5.0.7. Older series are no longer assessed upstream; Debian nevertheless lists its 2.2 and 3.2 python-django packages as affected, and IBM lists Storage Defender - Resiliency Service 2.0.0 through 2.0.9.

4. What types of attacks are enabled by CVE-2024-38875?
Denial of service. Any view or template that passes attacker-controlled text through urlize or urlizetrunc can be made to spend excessive CPU time on input containing a very large number of brackets.

5. Is there a specific recommendation for users of Django related to CVE-2024-38875?
Update to the patched releases (4.2.14, 5.0.7) or to a distribution package that carries the fix. Until then, avoid applying urlize or urlizetrunc to untrusted input, or limit its length before rendering.