CVE-2024-24680

7.5 HIGH

Published: February 06, 2024 Modified: November 04, 2025

Description

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://docs.djangoproject.com/en/5.0/releases/security/

Source: cve@mitre.org

Patch Vendor Advisory

https://groups.google.com/forum/#%21forum/django-announce

Source: cve@mitre.org

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/

Source: cve@mitre.org

https://www.djangoproject.com/weblog/2024/feb/06/security-releases/

Source: cve@mitre.org

Release Notes

https://docs.djangoproject.com/en/5.0/releases/security/