GHSA-f6f8-9mx6-9mx2

GitHub Security Advisory

Django vulnerable to Denial of Service

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. `get_supported_language_variant()` was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

Affected Packages

PyPI Django
Affected versions: 5.0 (fixed in 5.0.7)
PyPI Django
Affected versions: 4.2 (fixed in 4.2.14)

Key Information

GHSA ID: GHSA-f6f8-9mx6-9mx2
Published: July 10, 2024 6:33 AM
Last Modified: August 2, 2024 3:52 PM
CVSS Score: 7.5/10
Primary Ecosystem: PyPI
Primary Package: Django
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 9, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.