CVE-2024-45230

7.5 HIGH

📋 TL;DR

This vulnerability in Django's urlize() and urlizetrunc() template filters allows an attacker to cause a denial of service by submitting very large inputs containing specific character sequences. All Django applications that apply these template filters are affected, particularly those rendering user-generated content.

💻 Affected Systems

Products:
  • Django
Versions: Django 5.1 before 5.1.1, Django 5.0 before 5.0.9, Django 4.2 before 4.2.16
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using urlize() or urlizetrunc() template filters on user-controlled input.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to resource exhaustion, potentially affecting all users of the application.

🟠 Likely Case: Degraded performance or temporary service disruption for affected endpoints processing malicious inputs.

🟢 If Mitigated: Minimal impact with proper input validation and resource limits in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted large inputs to endpoints using vulnerable template filters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Django 5.1.1, Django 5.0.9, Django 4.2.16

Vendor Advisory: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/

Restart Required: Yes

Instructions:

1. Update Django using pip: 'pip install --upgrade Django==5.1.1' (or the appropriate version for your release series).
2. Restart your Django application server.
3. Verify the update with 'python -m django --version'.

🔧 Temporary Workarounds

Input Length Limitation

all

Implement input validation to limit the size of user inputs before passing to urlize() or urlizetrunc() filters.

Template Filter Replacement

all

Replace urlize() and urlizetrunc() with custom implementations that include input size checks.
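One way to implement the size check described above, as an added example that is neither Django's own code nor part of the advisory: a custom template filter (assumed name urlize_capped) that hands input to Django's urlize only when it is under an assumed cap MAX_URLIZE_CHARS, and otherwise returns the text escaped but unlinked so the page still renders.

```python
import html
from typing import Callable

# Assumed cap on the number of characters passed to urlize(); tune per application.
MAX_URLIZE_CHARS = 20_000


def guarded_urlize(value: str, urlize_fn: Callable[[str], str],
                   max_chars: int = MAX_URLIZE_CHARS, autoescape: bool = True) -> str:
    """Run urlize_fn only on inputs within the cap.

    Oversized input never reaches the link-detection code; it is returned as
    plain text (HTML-escaped when autoescaping is on) so rendering still succeeds,
    just without clickable links.
    """
    text = str(value)
    if len(text) > max_chars:
        return html.escape(text) if autoescape else text
    return urlize_fn(text)


# Django registration for the hypothetical 'urlize_capped' filter. The import is
# guarded so this module also loads where Django is not installed.
try:
    from django import template
    from django.utils.html import urlize as django_urlize
    from django.utils.safestring import mark_safe

    register = template.Library()

    @register.filter(is_safe=True, needs_autoescape=True)
    def urlize_capped(value, autoescape=True):
        # Mirrors the built-in urlize filter (nofollow links, autoescape-aware),
        # but only for inputs that pass the length guard.
        def run(text: str) -> str:
            return django_urlize(text, nofollow=True, autoescape=autoescape)

        return mark_safe(guarded_urlize(value, run, autoescape=autoescape))
except ImportError:
    pass
```

Load the tag library in the template and use `{{ comment|urlize_capped }}` in place of `{{ comment|urlize }}`; adjust MAX_URLIZE_CHARS to the largest input the application legitimately needs to linkify.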

🧯 If You Can't Patch

  • Implement strict input validation and size limits on all user inputs before template processing.
  • Use web application firewalls (WAF) to block unusually large requests or specific patterns.

🔍 How to Verify

Check if Vulnerable:

Check the installed Django version and whether the urlize() or urlizetrunc() filters are applied to user-supplied input in any template.

Check Version:

python -m django --version

Verify Fix Applied:

Confirm the installed Django version is at least 5.1.1 (5.1 series), 5.0.9 (5.0 series), or 4.2.16 (4.2 series).

📡 Detection & Monitoring

Log Indicators:

  • Unusually large HTTP requests
  • High CPU/memory usage spikes
  • Template processing timeouts

Network Indicators:

  • Large POST requests to endpoints with template rendering
  • Repeated requests with similar large payloads

SIEM Query:

source="web_logs" AND (request_size > 10000 OR uri CONTAINS "template" OR uri CONTAINS "render")
