`urlize` and `urlizetrunc` were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.


The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3161-1 advisory.

    - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize().
    (bsc#1229823)
    - CVE-2024-45231: Fixed potential user email enumeration via response status on password reset.
    (bsc#1229824)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e2bde0853b advisory.

    `urlize` and `urlizetrunc` were subject to a potential denial-of-service attack via very large inputs with     a specific sequence of characters.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-28892f7c8f advisory.

    `urlize` and `urlizetrunc` were subject to a potential denial-of-service attack via very large inputs with     a specific sequence of characters.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4a08381122 advisory.

    `urlize` and `urlizetrunc` were subject to a potential denial-of-service attack via very large inputs with     a specific sequence of characters.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-865828665c advisory.

    `urlize` and `urlizetrunc` were subject to a potential denial-of-service attack via very large inputs with     a specific sequence of characters.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.16, 5.0.x prior to 5.0.9 or 5.1.x prior to 5.1.1. It is, therefore, affected by multiple vulnerabilities as disclosed in Django's September 3rd 2024 security advisory:

  - urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a   specific sequence of characters. (CVE-2024-45230)  
  - Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed   remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes.
  (CVE-2024-45231)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3139-1 advisory.

    - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize().
    (bsc#1229823)
    - CVE-2024-45231: Fixed potential user email enumeration via response status on password reset.
    (bsc#1229824)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6987-1 advisory.

    It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this     issue to cause a denial of service. (CVE-2024-45230)

    It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could     possibly use this issue to enumerate user emails by issuing password reset requests and observing the     outcomes. (CVE-2024-45231)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
206749	SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2024:3161-1)	Nessus	SuSE Local Security Checks	medium
206713	Fedora 39 : python-django (2024-e2bde0853b)	Nessus	Fedora Local Security Checks	high
206710	Fedora 39 : python-django4.2 (2024-28892f7c8f)	Nessus	Fedora Local Security Checks	high
206708	Fedora 40 : python-django (2024-4a08381122)	Nessus	Fedora Local Security Checks	high
206703	Fedora 40 : python-django4.2 (2024-865828665c)	Nessus	Fedora Local Security Checks	high
206676	Python Library Django 4.2.x < 4.2.16 / 5.0.x < 5.0.9 / 5.1.x < 5.1.1 Multiple Vulnerabilities	Nessus	Misc.	high
206633	openSUSE 15 Security Update : python-Django (SUSE-SU-2024:3139-1)	Nessus	SuSE Local Security Checks	medium
206498	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Django vulnerabilities (USN-6987-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2024-45230

high

Tenable Plugins

medium

high

high

high

high

high

medium

high