mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Browse Source 
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
This commit is contained in:
Adam Johnson
2024-06-24 15:30:59 +02:00
committed by Natalia
parent af84bcc8d1
commit d666457453
4 changed files with 86 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/releases/4.2.14.txt
View File

@@ -7,3 +7,9 @@ Django 4.2.14 release notes
Django 4.2.14 fixes two security issues with severity "moderate" and two
security issues with severity "low" in 4.2.13.
CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================
:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via certain inputs with a very large number of
brackets.