Overview
Affected versions of this package are vulnerable to Denial of Service (DoS) in the intcomma template filter, when used with very long strings. Exploiting this vulnerability could lead to a system crash.
Introduced through
django@3.2.23, django-jinja@2.10.2 and others
Fixed in: django@3.2.24, @4.2.10, @5.0.2
Detailed paths and remediation
Introduced through: project@0.0.0 › django@3.2.23
Fix: Upgrade django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-jinja@2.10.2 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-storages@1.7.1 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
Introduced through: project@0.0.0 › django-libsass@0.7 › django-compressor@4.4 › django-appconf@1.0.6 › django@3.2.23
Fix: Pin django to version 3.2.24 or 4.2.10 or 5.0.2
https://app.snyk.io/org/fecgov/project/5e01de94-91bc-43d8-90b1-8843384b4b26#issue-SNYK-PYTHON-DJANGO-6230369
Completion criteria: