mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity

[5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Browse Source 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
This commit is contained in:
Adam Johnson
2024-06-24 15:30:59 +02:00
committed by Natalia
parent 79246129f7
commit 44aef996c8
4 changed files with 86 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/releases/5.0.7.txt
View File

@@ -7,6 +7,13 @@ Django 5.0.7 release notes
Django 5.0.7 fixes two security issues with severity "moderate", two security
issues with severity "low", and several bugs in 5.0.6.
CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================
:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via certain inputs with a very large number of
brackets.
Bugfixes
========