CVE-2024-39614: Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Published Jul 5, 2024
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. `get_supported_language_variant()` was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
Affected Software
6 affected components (fixes available where listed)
pip/Django >=4.2, <4.2.14 (fixed in 4.2.14)
pip/Django >=5.0, <5.0.7 (fixed in 5.0.7)
debian/python-django <=2:2.2.28-1~deb11u2, <=3:3.2.19-1+deb12u1 (fixed in 3:4.2.16-1)
IBM Storage Defender - Resiliency Service <=2.0.0 - 2.0.9
djangoproject Django >=4.2, <4.2.14
djangoproject Django >=5.0, <5.0.7
Event History
Jul 5, 2024
Data Sourced via Red Hat · 09:58 AM: Description, Severity, Affected Software
Jul 10, 2024
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM: Description
Data Sourced via NVD · 05:15 AM: Description, Severity, Weakness
Data Sourced via NVD · 05:15 AM: Affected Software
Advisory Published via GitHub · 06:33 AM
Sep 15, 2024
Data Sourced via Ubuntu · 07:46 PM: Remedy, Description, Severity, Affected Software
Dec 18, 2024
Data Sourced via IBM · 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-39614?
CVE-2024-39614 has a severity rating that indicates a potential denial-of-service attack vulnerability.
2. How do I fix CVE-2024-39614?
To fix CVE-2024-39614, upgrade Django to version 5.0.7 or 4.2.14 or later.
3. What versions of Django are affected by CVE-2024-39614?
CVE-2024-39614 affects Django 5.0 prior to 5.0.7 and 4.2 prior to 4.2.14.
4. Can CVE-2024-39614 affect my applications?
Yes, CVE-2024-39614 can affect applications that use the vulnerable versions of Django and may lead to denial-of-service.
5. Is there a workaround for CVE-2024-39614?
There is no documented workaround for CVE-2024-39614; upgrading to the fixed versions is recommended.