Bug 2261856 (CVE-2024-24680) - CVE-2024-24680 Django: denial-of-service in ``intcomma`` template filter
Summary: CVE-2024-24680 Django: denial-of-service in ``intcomma`` template filter
Keywords:
Status: NEW
Alias: CVE-2024-24680
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2261861 2261866 2261867 2261858 2261859 2261860 2261862 2261863 2261864 2261865 2263504 2263505 2263506 2263507
Blocks: 2261857
TreeView+ depends on / blocked
 
Reported: 2024-01-30 06:41 UTC by Rohit Keshri
Modified: 2025-05-15 08:28 UTC (History)
67 users (show)

Fixed In Version: django 3.2.24, django 4.2.10, django 5.0.2
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1057 0 None None None 2024-02-29 19:41:57 UTC
Red Hat Product Errata RHSA-2024:1640 0 None None None 2024-04-02 19:30:31 UTC
Red Hat Product Errata RHSA-2024:1878 0 None None None 2024-04-18 01:52:11 UTC
Red Hat Product Errata RHSA-2024:2731 0 None None None 2024-05-22 20:33:15 UTC
Red Hat Product Errata RHSA-2024:5662 0 None None None 2024-08-20 20:30:37 UTC

Description Rohit Keshri 2024-01-30 06:41:14 UTC 
The ``intcomma`` template filter was subject to a potential denial-of-service
attack when used with very long strings.

Refer:
https://www.djangoproject.com/security/
Comment 3 Borja Tarraso 2024-02-09 13:00:24 UTC 
Created python-django tracking bugs for this issue:

Affects: epel-all [bug 2263504]
Affects: fedora-all [bug 2263505]
Affects: openstack-rdo [bug 2263507]


Created python-django3 tracking bugs for this issue:

Affects: fedora-all [bug 2263506]
Comment 4 errata-xmlrpc 2024-02-29 19:41:54 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:1057 https://access.redhat.com/errata/RHSA-2024:1057
Comment 5 errata-xmlrpc 2024-04-02 19:30:28 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:1640 https://access.redhat.com/errata/RHSA-2024:1640
Comment 6 errata-xmlrpc 2024-04-18 01:52:08 UTC 
This issue has been addressed in the following products:

  RHUI 4 for RHEL 8

Via RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878
Comment 7 errata-xmlrpc 2024-05-22 20:33:12 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2024:2731 https://access.redhat.com/errata/RHSA-2024:2731
Comment 8 errata-xmlrpc 2024-08-20 20:30:34 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.15 for RHEL 8

Via RHSA-2024:5662 https://access.redhat.com/errata/RHSA-2024:5662
Note You need to log in before you can comment on or make changes to this bug.