Bug 2314485 (CVE-2024-45230) - CVE-2024-45230 python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
Summary: CVE-2024-45230 python-django: Potential denial-of-service vulnerability in dj...
Keywords:
Status: NEW
Alias: CVE-2024-45230
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2314486 2314491 2314487 2314488 2314489 2314490 2314492 2314493
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-09-24 19:42 UTC by OSIDB Bzimport
Modified: 2025-05-15 08:28 UTC (History)
50 users (show)

Fixed In Version: django-5.1.1,django-5.0.9,django-4.2.16
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:8534 0 None None None 2024-10-28 13:22:15 UTC

Description OSIDB Bzimport 2024-09-24 19:42:20 UTC 
urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Comment 1 errata-xmlrpc 2024-10-28 13:22:12 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2024:8534 https://access.redhat.com/errata/RHSA-2024:8534
Comment 2 Vedashree Deshpande 2025-01-10 11:05:56 UTC 
Hello, 

I can see this package is released in Satellite 6.16, is it possible to simply download it in Satellite 6.15?
Note You need to log in before you can comment on or make changes to this bug.