CVE-2024-41989: Django CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005
Published Aug 2, 2024
·Updated
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Affected Software
6 affected componentsFixes available
pip/Django>=4.2<4.2.15
4.2.15
pip/Django>=5.0<5.0.8
5.0.8
debian/python-django<=2:2.2.28-1~deb11u2, <=3:3.2.19-1+deb12u1
3:4.2.16-1
djangoproject Django>=4.2<4.2.15
djangoproject Django>=5.0<5.0.8
IBM Storage Defender - Resiliency Service<=2.0.0 - 2.0.9
Remediation
Patch Available
Event History
Aug 2, 2024
Data Sourced
via Red Hat·01:45 AM
DescriptionSeverityAffected Software
Aug 7, 2024
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·03:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Advisory Published
via GitHub·03:30 PM
Sep 15, 2024
Data Sourced
via Ubuntu·07:32 PM
RemedyDescriptionSeverityAffected Software
Dec 18, 2024
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-41989?
CVE-2024-41989 has a high severity rating due to the potential for significant memory consumption.
2
How do I fix CVE-2024-41989?
To fix CVE-2024-41989, update Django to version 4.2.15 or 5.0.8 or later.
3
Which versions of Django are affected by CVE-2024-41989?
CVE-2024-41989 affects Django versions before 5.0.8 and 4.2 before 4.2.15.
4
What impact does CVE-2024-41989 have on applications?
CVE-2024-41989 can lead to application instability due to excessive memory consumption resulting from certain input.
5
Is there a workaround for CVE-2024-41989?
There is no officially recommended workaround for CVE-2024-41989; upgrading to a patched version is necessary.