High severityNVD Advisory· Published Feb 6, 2024· Updated Nov 4, 2025
CVE-2024-24680
CVE-2024-24680
Description
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Django's intcomma template filter had a potential DoS vulnerability exploitable with very long strings.
Vulnerability
CVE-2024-24680 is a denial-of-service (DoS) vulnerability in Django's intcomma template filter. The filter, which adds commas to large numbers, used a recursive regular expression approach that could cause excessive processing time when given a very long string input. This issue affected Django versions 3.2 before 3.2.24, 4.2 before 4.2.10, and 5.0 before 5.0.2 [1].
Exploitation
To exploit this vulnerability, an attacker would need to supply a long string to the intcomma filter in a Django template. No authentication is required if the template processes user-controlled input. The long string causes the original regex-based implementation to recurse deeply, consuming disproportionate CPU resources and potentially leading to a denial of service [2][3].
Impact
The primary impact is a denial-of-service condition. By repeatedly submitting or generating requests that use the intcomma filter with long strings, an attacker could degrade server performance or cause temporary unavailability of the application. There is no evidence of remote code execution or data compromise [2].
Mitigation
Django released patches (3.2.24, 4.2.10, and 5.0.2) that replace the recursive algorithm with an iterative approach using string reversal, which avoids deep recursion and substantially limits processing time for long strings [3][4]. Users should upgrade to the patched versions immediately. No workarounds have been announced.
References
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DjangoPyPI | >= 3.2, < 3.2.24 | 3.2.24 |
DjangoPyPI | >= 4.2, < 4.2.10 | 4.2.10 |
DjangoPyPI | >= 5.0, < 5.0.2 | 5.0.2 |
Affected products
34- Django/Djangodescription
- osv-coords33 versionspkg:apk/chainguard/py3.10-djangopkg:apk/chainguard/py3.10-django-binpkg:apk/chainguard/py3.11-djangopkg:apk/chainguard/py3.11-django-binpkg:apk/chainguard/py3.12-djangopkg:apk/chainguard/py3.12-django-binpkg:apk/chainguard/py3.13-djangopkg:apk/chainguard/py3.13-django-binpkg:apk/chainguard/py3-djangopkg:apk/chainguard/py3-supported-djangopkg:apk/wolfi/py3.10-djangopkg:apk/wolfi/py3.10-django-binpkg:apk/wolfi/py3.11-djangopkg:apk/wolfi/py3.11-django-binpkg:apk/wolfi/py3.12-djangopkg:apk/wolfi/py3.12-django-binpkg:apk/wolfi/py3.13-djangopkg:apk/wolfi/py3.13-django-binpkg:apk/wolfi/py3-djangopkg:apk/wolfi/py3-supported-djangopkg:bitnami/djangopkg:pypi/djangopkg:rpm/opensuse/python-Django4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-Django6&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-Django&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208
< 5.0.2-r0+ 32 more
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: < 5.0.2-r0
- (no CPE)range: >= 3.2.0, < 3.2.24
- (no CPE)range: >= 3.2, < 3.2.24
- (no CPE)range: < 4.2.14-1.1
- (no CPE)range: < 6.0-1.1
- (no CPE)range: < 4.2.10-1.1
- (no CPE)range: < 1.11.29-3.58.3
- (no CPE)range: < 1.11.29-3.58.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 1.11.29-3.59.3
- (no CPE)range: < 12.0.5~dev6-14.54.5
- (no CPE)range: < 14.1.1~dev11-4.51.4
- (no CPE)range: < 12.0.5~dev6-14.54.4
Patches
4572ea07e84b3[4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
4 files changed · +81 −8
django/contrib/humanize/templatetags/humanize.py+7 −6 modified@@ -75,12 +75,13 @@ def intcomma(value, use_l10n=True): return intcomma(value, False) else: return number_format(value, use_l10n=True, force_grouping=True) - orig = str(value) - new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", orig) - if orig == new: - return new - else: - return intcomma(new, use_l10n) + result = str(value) + match = re.match(r"-?\d+", result) + if match: + prefix = match[0] + prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1] + result = prefix_with_commas + result[len(prefix) :] + return result # A tuple of standard large number to their converters
docs/releases/3.2.24.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 3.2.24 release notes Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
docs/releases/4.2.10.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 4.2.10 release notes Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
tests/humanize_tests/tests.py+64 −0 modified@@ -116,79 +116,143 @@ def test_i18n_html_ordinal(self): def test_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + Decimal("-1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with translation.override("en"): self.humanize_tester(test_list, result_list, "intcomma") def test_l10n_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + -Decimal("1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with self.settings(USE_THOUSAND_SEPARATOR=False): with translation.override("en"):
16a8fe18a3b8[5.0.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
5 files changed · +87 −8
django/contrib/humanize/templatetags/humanize.py+7 −6 modified@@ -75,12 +75,13 @@ def intcomma(value, use_l10n=True): return intcomma(value, False) else: return number_format(value, use_l10n=True, force_grouping=True) - orig = str(value) - new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", orig) - if orig == new: - return new - else: - return intcomma(new, use_l10n) + result = str(value) + match = re.match(r"-?\d+", result) + if match: + prefix = match[0] + prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1] + result = prefix_with_commas + result[len(prefix) :] + return result # A tuple of standard large number to their converters
docs/releases/3.2.24.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 3.2.24 release notes Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
docs/releases/4.2.10.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 4.2.10 release notes Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
docs/releases/5.0.2.txt+6 −0 modified@@ -7,6 +7,12 @@ Django 5.0.2 release notes Django 5.0.2 fixes a security issue with severity "moderate" and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated. +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings. + Bugfixes ========
tests/humanize_tests/tests.py+64 −0 modified@@ -116,79 +116,143 @@ def test_i18n_html_ordinal(self): def test_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + Decimal("-1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with translation.override("en"): self.humanize_tester(test_list, result_list, "intcomma") def test_l10n_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + -Decimal("1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with self.settings(USE_THOUSAND_SEPARATOR=False): with translation.override("en"):
c1171ffbd570[3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
3 files changed · +140 −19
django/contrib/humanize/templatetags/humanize.py+7 −6 modified@@ -70,12 +70,13 @@ def intcomma(value, use_l10n=True): return intcomma(value, False) else: return number_format(value, use_l10n=True, force_grouping=True) - orig = str(value) - new = re.sub(r"^(-?\d+)(\d{3})", r'\g<1>,\g<2>', orig) - if orig == new: - return new - else: - return intcomma(new, use_l10n) + result = str(value) + match = re.match(r"-?\d+", result) + if match: + prefix = match[0] + prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1] + result = prefix_with_commas + result[len(prefix) :] + return result # A tuple of standard large number to their converters
docs/releases/3.2.24.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 3.2.24 release notes Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
tests/humanize_tests/tests.py+128 −12 modified@@ -66,28 +66,144 @@ def test_i18n_html_ordinal(self): def test_intcomma(self): test_list = ( - 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', - '10123', '10311', '1000000', '1234567.1234567', - Decimal('1234567.1234567'), None, + 100, + -100, + 1000, + -1000, + 10123, + -10123, + 10311, + -10311, + 1000000, + -1000000, + 1234567.25, + -1234567.25, + "100", + "-100", + "1000", + "-1000", + "10123", + "-10123", + "10311", + "-10311", + "1000000", + "-1000000", + "1234567.1234567", + "-1234567.1234567", + Decimal("1234567.1234567"), + Decimal("-1234567.1234567"), + None, + "1234567", + "-1234567", + "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25', - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', - '1,234,567.1234567', None, + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.25", + "-1,234,567.25", + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.1234567", + "-1,234,567.1234567", + "1,234,567.1234567", + "-1,234,567.1234567", + None, + "1,234,567", + "-1,234,567", + "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with translation.override('en'): self.humanize_tester(test_list, result_list, 'intcomma') def test_l10n_intcomma(self): test_list = ( - 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', - '10123', '10311', '1000000', '1234567.1234567', - Decimal('1234567.1234567'), None, + 100, + -100, + 1000, + -1000, + 10123, + -10123, + 10311, + -10311, + 1000000, + -1000000, + 1234567.25, + -1234567.25, + "100", + "-100", + "1000", + "-1000", + "10123", + "-10123", + "10311", + "-10311", + "1000000", + "-1000000", + "1234567.1234567", + "-1234567.1234567", + Decimal("1234567.1234567"), + -Decimal("1234567.1234567"), + None, + "1234567", + "-1234567", + "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25', - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', - '1,234,567.1234567', None, + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.25", + "-1,234,567.25", + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.1234567", + "-1,234,567.1234567", + "1,234,567.1234567", + "-1,234,567.1234567", + None, + "1,234,567", + "-1,234,567", + "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with self.settings(USE_L10N=True, USE_THOUSAND_SEPARATOR=False): with translation.override('en'):
55519d6cf899Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
5 files changed · +87 −8
django/contrib/humanize/templatetags/humanize.py+7 −6 modified@@ -75,12 +75,13 @@ def intcomma(value, use_l10n=True): return intcomma(value, False) else: return number_format(value, use_l10n=True, force_grouping=True) - orig = str(value) - new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", orig) - if orig == new: - return new - else: - return intcomma(new, use_l10n) + result = str(value) + match = re.match(r"-?\d+", result) + if match: + prefix = match[0] + prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1] + result = prefix_with_commas + result[len(prefix) :] + return result # A tuple of standard large number to their converters
docs/releases/3.2.24.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 3.2.24 release notes Django 3.2.24 fixes a security issue with severity "moderate" in 3.2.23. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
docs/releases/4.2.10.txt+5 −1 modified@@ -6,4 +6,8 @@ Django 4.2.10 release notes Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9. -... +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings.
docs/releases/5.0.2.txt+6 −0 modified@@ -7,6 +7,12 @@ Django 5.0.2 release notes Django 5.0.2 fixes a security issue with severity "moderate" and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated. +CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter +=========================================================================== + +The ``intcomma`` template filter was subject to a potential denial-of-service +attack when used with very long strings. + Bugfixes ========
tests/humanize_tests/tests.py+64 −0 modified@@ -116,79 +116,143 @@ def test_i18n_html_ordinal(self): def test_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + Decimal("-1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with translation.override("en"): self.humanize_tester(test_list, result_list, "intcomma") def test_l10n_intcomma(self): test_list = ( 100, + -100, 1000, + -1000, 10123, + -10123, 10311, + -10311, 1000000, + -1000000, 1234567.25, + -1234567.25, "100", + "-100", "1000", + "-1000", "10123", + "-10123", "10311", + "-10311", "1000000", + "-1000000", "1234567.1234567", + "-1234567.1234567", Decimal("1234567.1234567"), + -Decimal("1234567.1234567"), None, "1234567", + "-1234567", "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.25", + "-1,234,567.25", "100", + "-100", "1,000", + "-1,000", "10,123", + "-10,123", "10,311", + "-10,311", "1,000,000", + "-1,000,000", "1,234,567.1234567", + "-1,234,567.1234567", "1,234,567.1234567", + "-1,234,567.1234567", None, "1,234,567", + "-1,234,567", "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with self.settings(USE_THOUSAND_SEPARATOR=False): with translation.override("en"):
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
18- github.com/advisories/GHSA-xxj9-f6rv-m3x4ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2024-24680ghsaADVISORY
- docs.djangoproject.com/en/5.0/releases/securityghsaWEB
- github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bcghsaWEB
- github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9ghsaWEB
- github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2ghsaWEB
- github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yamlghsaWEB
- groups.google.com/forum/ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEXghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4DghsaWEB
- www.djangoproject.com/weblog/2024/feb/06/security-releasesghsaWEB
- docs.djangoproject.com/en/5.0/releases/security/mitre
- www.djangoproject.com/weblog/2024/feb/06/security-releases/mitre
News mentions
0No linked articles in our index yet.