vulnerability

FreeBSD: VID-94d441d2-5497-11ef-9d2f-080027836e8b (CVE-2024-42005): Django -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Aug 7, 2024	Aug 7, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 7, 2024

Added

Aug 7, 2024

Modified

Dec 10, 2025

Description

Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat(). CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize(). CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list().

Solutions

freebsd-upgrade-package-py39-django42freebsd-upgrade-package-py310-django42freebsd-upgrade-package-py311-django42freebsd-upgrade-package-py310-django50freebsd-upgrade-package-py311-django50

References

CVE-2024-42005
https://attackerkb.com/topics/CVE-2024-42005
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today