—

PYSEC-2024-56

상세

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / django

최초 영향 버전: 4.2 수정 버전: 4.2.14

수정 pip install --upgrade 'django>=4.2.14'

참고

https://docs.djangoproject.com/en/dev/releases/security/ [WEB]
https://groups.google.com/forum/#%21forum/django-announce [WEB]
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/ [ARTICLE]
https://github.com/advisories/GHSA-qg2p-9jwr-mmqf [ADVISORY]