High severityNVD Advisory· Published Feb 6, 2024· Updated Nov 4, 2025
CVE-2024-24680
CVE-2024-24680
Description
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DjangoPyPI | >= 3.2, < 3.2.24 | 3.2.24 |
DjangoPyPI | >= 4.2, < 4.2.10 | 4.2.10 |
DjangoPyPI | >= 5.0, < 5.0.2 | 5.0.2 |
Affected products
34- osv-coords33 versionspkg:apk/chainguard/py3.10-djangopkg:apk/chainguard/py3.10-django-binpkg:apk/chainguard/py3.11-djangopkg:apk/chainguard/py3.11-django-binpkg:apk/chainguard/py3.12-djangopkg:apk/chainguard/py3.12-django-binpkg:apk/chainguard/py3.13-djangopkg:apk/chainguard/py3.13-django-binpkg:apk/chainguard/py3-djangopkg:apk/chainguard/py3-supported-djangopkg:apk/wolfi/py3.10-djangopkg:apk/wolfi/py3.10-django-binpkg:apk/wolfi/py3.11-djangopkg:apk/wolfi/py3.11-django-binpkg:apk/wolfi/py3.12-djangopkg:apk/wolfi/py3.12-django-binpkg:apk/wolfi/py3.13-djangopkg:apk/wolfi/py3.13-django-binpkg:apk/wolfi/py3-djangopkg:apk/wolfi/py3-supported-djangopkg:bitnami/djangopkg:pypi/djangopkg:rpm/opensuse/python-Django4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-Django6&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-Django&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208
< 5.0.2-r0+ 32 more
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: >= 3.2.0, < 3.2.24
- (no CPE)range: >= 3.2, < 3.2.24
- (no CPE)range: < 4.2.14-1.1
- (no CPE)range: < 6.0-1.1
- (no CPE)range: < 4.2.10-1.1
- (no CPE)range: < 1.11.29-3.58.3
- (no CPE)range: < 1.11.29-3.58.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 12.0.5~dev6-14.54.5
- (no CPE)range: < 14.1.1~dev11-4.51.4
- (no CPE)range: < 12.0.5~dev6-14.54.4
Patches
Vulnerability mechanics
References
18- github.com/advisories/GHSA-xxj9-f6rv-m3x4ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2024-24680ghsaADVISORY
- docs.djangoproject.com/en/5.0/releases/securityghsaWEB
- github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bcghsaWEB
- github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9ghsaWEB
- github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2ghsaWEB
- github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yamlghsaWEB
- groups.google.com/forum/ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEXghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4DghsaWEB
- www.djangoproject.com/weblog/2024/feb/06/security-releasesghsaWEB
- docs.djangoproject.com/en/5.0/releases/security/mitre
- www.djangoproject.com/weblog/2024/feb/06/security-releases/mitre
News mentions
0No linked articles in our index yet.