GHSA-r836-hh6v-rg5g

GitHub Security Advisory

Django vulnerable to denial-of-service attack

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Affected Packages

PyPI Django
Affected versions: 5.0 (fixed in 5.0.8)
PyPI Django
Affected versions: 4.2 (fixed in 4.2.15)

Key Information

GHSA ID: GHSA-r836-hh6v-rg5g
Published: August 7, 2024 3:30 PM
Last Modified: August 7, 2024 7:03 PM
CVSS Score: 5.0/10
Primary Ecosystem: PyPI
Primary Package: Django
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 9, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.