2295938 – (CVE-2024-39614) CVE-2024-39614 python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

Bug 2295938 (CVE-2024-39614) - CVE-2024-39614 python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

Summary: CVE-2024-39614 python-django: Potential denial-of-service in django.utils.tra...

Keywords:
Status:	NEW
Alias:	CVE-2024-39614
Deadline:	2024-07-09
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2296458 2296459 2296460 2296461 2296462 2296463 2296464
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-05 09:58 UTC by TEJ RATHI
Modified:	2025-05-15 08:28 UTC (History)
CC List:	62 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:6428	None	None	None	2024-09-05 14:09:57 UTC
Red Hat Product Errata	RHSA-2024:8906	None	None	None	2024-11-05 17:25:03 UTC
Red Hat Product Errata	RHSA-2024:9481	None	None	None	2024-11-13 13:18:10 UTC
Red Hat Product Errata	RHSA-2025:1335	None	None	None	2025-02-12 00:09:26 UTC

Description TEJ RATHI 2024-07-05 09:58:23 UTC

get_supported_language_variant() was subject to a potential
denial-of-service attack when used with very long strings including a specific set of characters.

Affected versions
=================

* Django main development branch
* Django 5.1 
* Django 5.0
* Django 4.2

Comment 2 errata-xmlrpc 2024-09-05 14:09:54 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:6428 https://access.redhat.com/errata/RHSA-2024:6428

Comment 3 errata-xmlrpc 2024-11-05 17:24:59 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2024:8906 https://access.redhat.com/errata/RHSA-2024:8906

Comment 4 errata-xmlrpc 2024-11-13 13:18:07 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Services on OpenShift 18.0

Via RHSA-2024:9481 https://access.redhat.com/errata/RHSA-2024:9481

Comment 5 errata-xmlrpc 2025-02-12 00:09:23 UTC

This issue has been addressed in the following products:

  RHUI 4 for RHEL 8

Via RHSA-2025:1335 https://access.redhat.com/errata/RHSA-2025:1335

Note You need to log in before you can comment on or make changes to this bug.

apevec
bbuckingham
brking
caswilli
cmoore
davidn
dranck
eglynn
ehelms
epacific
ggainey
gmccullo
gtanzill
haoli
hkataria
jajackso
jcammara
jhardy
jjoyce
jmitchel
jneedle
jobarker
jschluet
jtanner
juwatts
jweng
jwong
kaycoth
kegrant
kholdawa
koliveir
kshier
lcouzens
lhh
lphiri
lsvaty
mabashia
mburns
mgarciac
mhulan
mminar
mskarbek
nmoumoul
pbraun
pcreech
pgrist
rbiba
rbobbitt
rchan
rhos-maint
security-response-team
shvarugh
simaishi
smallamp
smcdonal
sskracic
stcannon
teagle
tfister
thavo
yguenane
zsadeh