CVE-2024-24680 - Vulnerability Details

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Djangoproject	Django
Redhat	Ansible Automation Platform Openstack Rhui Satellite Satellite Capsule

Configuration 1 [-]

OR	cpe:2.3:a:djangoproject:django::::::::
	cpe:2.3:a:djangoproject:django::::::::
	cpe:2.3:a:djangoproject:django::::::::

Package	CPE	Advisory	Released Date
Red Hat Ansible Automation Platform 2.4 for RHEL 8
python3x-django-0:4.2.10-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2024:1057	2024-02-29T00:00:00Z
automation-controller-0:4.5.5-2.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2024:1640	2024-04-02T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
python-django-0:4.2.10-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2024:1057	2024-02-29T00:00:00Z
automation-controller-0:4.5.5-2.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2024:1640	2024-04-02T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
python-django-0:2.2.24-8.el9ost	cpe:/a:redhat:openstack:17.1::el9	RHSA-2024:2731	2024-05-22T00:00:00Z
Red Hat Satellite 6.15 for RHEL 8
python-django-0:4.2.14-1.el8pc	cpe:/a:redhat:satellite:6.15::el8	RHSA-2024:5662	2024-08-20T00:00:00Z
python-django-0:4.2.14-1.el8pc	cpe:/a:redhat:satellite_capsule:6.15::el8	RHSA-2024:5662	2024-08-20T00:00:00Z
RHUI 4 for RHEL 8
python-django-0:4.2.11-1.el8ui	cpe:/a:redhat:rhui:4::el8	RHSA-2024:1878	2024-04-18T00:00:00Z

References

Link	Providers
https://docs.djangoproject.com/en/5.0/releases/security/
https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
https://groups.google.com/forum/#%21forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
https://nvd.nist.gov/vuln/detail/CVE-2024-24680
https://www.cve.org/CVERecord?id=CVE-2024-24680
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/

History

Wed, 21 Aug 2024 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat satellite Redhat satellite Capsule
CPEs		cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Vendors & Products		Redhat satellite Redhat satellite Capsule

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-06T00:00:00

Updated: 2024-08-01T23:28:11.095Z

Reserved: 2024-01-26T00:00:00

Link: CVE-2024-24680

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-02-06T22:16:15.470

Modified: 2024-11-21T08:59:29.843

Link: CVE-2024-24680

Redhat

Severity : Moderate

Publid Date: 2024-02-06T15:00:00Z

Links: CVE-2024-24680 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object