GHSA-qg2p-9jwr-mmqf

GitHub Security Advisory

Django vulnerable to Denial of Service

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

Affected Packages

PyPI Django
Affected versions: 4.2 (fixed in 4.2.14)
PyPI Django
Affected versions: 5.0 (fixed in 5.0.7)

Related CVEs

Key Information

GHSA ID: GHSA-qg2p-9jwr-mmqf
Published: July 10, 2024 6:33 AM
Last Modified: July 12, 2024 7:04 PM
CVSS Score: 7.5/10
Primary Ecosystem: PyPI
Primary Package: Django
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 9, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.