2295935 – (CVE-2024-38875) CVE-2024-38875 python-django: Potential denial-of-service in django.utils.html.urlize()

Bug 2295935 (CVE-2024-38875) - CVE-2024-38875 python-django: Potential denial-of-service in django.utils.html.urlize()

Summary: CVE-2024-38875 python-django: Potential denial-of-service in django.utils.htm...

Keywords:
Status:	NEW
Alias:	CVE-2024-38875
Deadline:	2024-07-26
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2296450 2296451 2296452 2296453 2296454 2296455
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-05 09:58 UTC by TEJ RATHI
Modified:	2025-04-01 08:28 UTC (History)
CC List:	56 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:6428	None	None	None	2024-09-05 14:10:31 UTC
Red Hat Product Errata	RHSA-2024:8906	None	None	None	2024-11-05 17:24:54 UTC
Red Hat Product Errata	RHSA-2024:9481	None	None	None	2024-11-13 13:18:01 UTC

Description TEJ RATHI 2024-07-05 09:58:05 UTC

django.utils.html.urlize() was subject to a potential denial-of-service attack via certain inputs with a very large number of brackets.

Affected versions
=================

* Django main development branch
* Django 5.1 
* Django 5.0
* Django 4.2

Comment 1 errata-xmlrpc 2024-09-05 14:10:28 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:6428 https://access.redhat.com/errata/RHSA-2024:6428

Comment 2 errata-xmlrpc 2024-11-05 17:24:51 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2024:8906 https://access.redhat.com/errata/RHSA-2024:8906

Comment 3 errata-xmlrpc 2024-11-13 13:17:57 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Services on OpenShift 18.0

Via RHSA-2024:9481 https://access.redhat.com/errata/RHSA-2024:9481

Note You need to log in before you can comment on or make changes to this bug.

adudiak
apevec
bbuckingham
brking
caswilli
cmoore
davidn
eglynn
ehelms
epacific
ggainey
gmccullo
gtanzill
haoli
hkataria
jcammara
jhardy
jjoyce
jmitchel
jneedle
jobarker
jschluet
jtanner
juwatts
jweng
jwong
kaycoth
kholdawa
kshier
lhh
lphiri
lsvaty
mabashia
mburns
mgarciac
mhulan
mminar
nmoumoul
omaciel
pbraun
pcreech
pgrist
rbiba
rbobbitt
rchan
rhos-maint
security-response-team
simaishi
smcdonal
sskracic
stcannon
teagle
tfister
thavo
yguenane
zsadeh