{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-26T06:26:00Z",
  "bugzilla" : {
    "description" : "python-django: Potential denial-of-service in django.utils.html.urlize()",
    "id" : "2295935",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2295935"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-1287",
  "details" : [ "An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.", "A vulnerability was found in the Django framework's urlize and urlizetrunc functions, where an attacker can input a certain string containing a large number of brackets, leads to a potential denial of service when the application attempts to process the excessive input." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "release_date" : "2024-09-05T00:00:00Z",
    "advisory" : "RHSA-2024:6428",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
    "package" : "python3x-django-0:4.2.15-1.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "release_date" : "2024-09-05T00:00:00Z",
    "advisory" : "RHSA-2024:6428",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
    "package" : "python-django-0:4.2.15-1.el9ap"
  }, {
    "product_name" : "Red Hat OpenStack Services on OpenShift 18.0",
    "release_date" : "2024-11-13T00:00:00Z",
    "advisory" : "RHSA-2024:9481",
    "cpe" : "cpe:/a:redhat:openstack:18.0::el9",
    "package" : "python-django-0:3.2.12-8.el9ost"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8906",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el8",
    "package" : "python-django-0:4.2.16-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8906",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el8",
    "package" : "python-django-0:4.2.16-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8906",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el9",
    "package" : "python-django-0:4.2.16-1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8906",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el9",
    "package" : "python-django-0:4.2.16-1.el9pc"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 1.2",
    "fix_state" : "Affected",
    "package_name" : "ansible-tower",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform-25/lightspeed-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "automation-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Certification for Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "redhat-certification",
    "cpe" : "cpe:/a:redhat:certifications:1::el8"
  }, {
    "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "redhat-certification",
    "cpe" : "cpe:/a:redhat:certifications:9"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Affected",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django20",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Will not fix",
    "package_name" : "python-django20",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.1",
    "fix_state" : "Will not fix",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:17.1"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:rhui:4::el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-38875\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38875" ],
  "name" : "CVE-2024-38875",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}