GHSA-jh75-99hh-qvx9

GitHub Security Advisory

Django memory consumption vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

Affected Packages

PyPI Django
Affected versions: 5.0 (fixed in 5.0.8)
PyPI Django
Affected versions: 4.2 (fixed in 4.2.15)

Related CVEs

Key Information

GHSA ID: GHSA-jh75-99hh-qvx9
Published: August 7, 2024 3:30 PM
Last Modified: August 7, 2024 7:01 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: PyPI
Primary Package: Django
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.