HTTP: Django urlize urlizetrunc Denial of Service
This signature detects attempts to exploit a known vulnerability against Django. A successful attack can result in a denial-of-service condition.
Extended Description
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Affected Products
Djangoproject django
References
CVE: CVE-2024-45230
URL: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
Short Name
HTTP:DOS:DJANGO-URLZ-TRUNC
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2024-45230 Denial Django Service of urlize urlizetrunc
Release Date
11/13/2024
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3764
False Positive
Rarely
Vendors
Djangoproject