vulnerability

FreeBSD: VID-94d441d2-5497-11ef-9d2f-080027836e8b (CVE-2024-41991): Django -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Aug 7, 2024	Aug 7, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Aug 7, 2024

Added

Aug 7, 2024

Modified

Dec 10, 2025

Description

Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat(). CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize(). CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list().

Solutions

freebsd-upgrade-package-py39-django42freebsd-upgrade-package-py310-django42freebsd-upgrade-package-py311-django42freebsd-upgrade-package-py310-django50freebsd-upgrade-package-py311-django50

References

CVE-2024-41991
https://attackerkb.com/topics/CVE-2024-41991
CWE-1284
CWE-130

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today