fecgov/fec-eregs

[Snyk High] - django Denial of Service (DoS)(Due 03/15/2024)

fec-jli opened this issue · 0 comments

https://app.snyk.io/org/fecgov/project/5e01de94-91bc-43d8-90b1-8843384b4b26#issue-SNYK-PYTHON-DJANGO-6230369

Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) in the intcomma template filter, when used with very long strings. Exploiting this vulnerability could lead to a system crash.

Introduced through
django@3.2.23, django-jinja@2.10.2 and others
Fixed in: django@3.2.24, django@4.2.10, django@5.0.2

Detailed paths and remediation
Introduced through: project@0.0.0 › django@3.2.23
Fix: Upgrade django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-jinja@2.10.2 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-storages@1.7.1 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-libsass@0.7 › django-compressor@4.4 › django-appconf@1.0.6 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
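Two things a practitioner wants beyond the Snyk summary above: a concrete picture of why `intcomma` on a very long digit string is a denial-of-service vector (each extra group of digits costs another full pass over the string, so the work grows quadratically, and on the recursive form the pass count also translates into call depth), and a quick gate that tells you whether a given Django version string is on or past the fixed release for its branch. The block below is an added example, not code from the fec-eregs project, from Django, or from Snyk. `intcomma_regex_loop` is a simplified reconstruction of the pre-fix approach (an anchored regex substitution repeated until the string stops changing, written here as a loop so the pass count can be measured); it is an assumption for illustration, not Django's actual source. `intcomma_linear` is a single-pass grouping that does not depend on `int()` (which Python 3.11+ caps at 4300 digits). `django_is_patched` encodes only the fixed versions stated in this issue (3.2.24, 4.2.10, 5.0.2).

```python
"""Added example: why intcomma on long input is quadratic, and a version gate.

Not the fec-eregs project's code, Django's, or Snyk's. intcomma_regex_loop is
an assumed, simplified reconstruction of the pre-fix strategy for illustration.
"""
import re
from typing import Tuple

# Anchored at the start: each substitution inserts exactly one comma, and the
# next pass rescans the whole string from position 0 again.
_GROUP_RE = re.compile(r"^(-?\d+)(\d{3})")


def intcomma_regex_loop(value: str, max_passes: int = 1_000_000) -> Tuple[str, int]:
    """Thousands-separate `value` by repeated anchored regex substitution.

    An n-digit input needs about n/3 passes, each an O(n) scan, so total work
    is O(n^2). Returns (formatted string, number of regex passes performed).
    `max_passes` is only a safety stop for this demo.
    """
    current = value
    passes = 0
    while True:
        passes += 1
        new = _GROUP_RE.sub(r"\g<1>,\g<2>", current)
        if new == current:
            return new, passes
        current = new
        if passes >= max_passes:
            raise RuntimeError("pass limit exceeded")


def intcomma_linear(value: str) -> str:
    """Single-pass grouping of the integer part; O(n) and no int() conversion."""
    sign = ""
    if value.startswith("-"):
        sign, value = "-", value[1:]
    int_part, dot, frac = value.partition(".")
    if not int_part.isdigit():
        raise ValueError(f"expected a decimal number string, got {value!r}")
    head = len(int_part) % 3 or 3
    groups = [int_part[:head]] + [int_part[i:i + 3] for i in range(head, len(int_part), 3)]
    return f"{sign}{','.join(groups)}{dot}{frac}"


# Fixed releases exactly as listed in the advisory above (branch -> patch).
FIXED_PATCH = {(3, 2): 24, (4, 2): 10, (5, 0): 2}


def django_is_patched(version: str) -> bool:
    """True if `version` (e.g. "3.2.24") is at or past the fix on its branch.

    Branches newer than 5.0 were cut after the fix and are treated as patched;
    unlisted older branches (e.g. 4.1) never received it and return False.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch >= FIXED_PATCH[branch]
    return branch > (5, 0)


if __name__ == "__main__":
    # Constructed inputs: the pass count grows linearly with digit count, and
    # every pass rescans the string, hence quadratic total cost.
    for n in (30, 300, 3000):
        digits = "9" * n
        out, passes = intcomma_regex_loop(digits)
        assert out == intcomma_linear(digits)
        print(f"{n:>5} digits -> {passes:>5} regex passes")
    for v in ("3.2.23", "3.2.24", "4.2.9", "4.2.10", "5.0.2", "5.1.0", "4.1.13"):
        print(f"django {v:<8} patched: {django_is_patched(v)}")
```

The pass counter, not wall-clock timing, is the useful signal here: it is deterministic, and it makes the point that an attacker who can get a long numeric string rendered through `intcomma` pays a constant cost per request while the server pays a cost that scales with the square of the input length. The version gate is deliberately strict about unlisted branches so a pinned but out-of-support release does not read as safe.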

Completion criteria:

  • Upgrade django to version 3.2.24