Django Denial-of-Service Vulnerability in IPv6 Validation

Vulnerability

A denial-of-service vulnerability has been identified in Django versions 5.1 prior to 5.1.5, 5.0 prior to 5.0.11, and 4.2 prior to 4.2.18. The IPv6 validation code does not enforce an upper bound on the length of the string it validates, so an attacker can submit an excessively long value and consume server resources, potentially leading to a denial of service. This vulnerability affects the private functions 'clean_ipv6_address' and 'is_valid_ipv6_address', as well as the 'django.forms.GenericIPAddressField' form field. The 'django.db.models.GenericIPAddressField' model field is not affected.
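The defensive pattern the fix relies on is simple: bound the input length before any parsing or normalisation runs, so an over-long string is rejected in constant time. The following is an added, self-contained illustration written for this page; it is not Django's code and it does not reproduce Django's implementation or the exact limit Django chose. The function names mirror the helpers named above only to show where such a guard belongs, the `ValidationError` class is a stand-in for a form validation error, and the 45-character bound is this example's own choice (the longest textual IPv6 form: six fully expanded hextets followed by a dotted-quad IPv4 tail). Parsing is delegated to the standard-library `ipaddress` module.

```python
import ipaddress

# Longest textual IPv6 form: "0000:0000:0000:0000:0000:ffff:255.255.255.255"
# (6 * 4 hex digits + 6 colons + 15-character dotted quad = 45 characters).
# This bound is the example's own choice, not a value taken from Django.
MAX_IPV6_ADDRESS_LENGTH = 45


class ValidationError(ValueError):
    """Stand-in for a form/field validation error (hypothetical, example only)."""


def is_valid_ipv6_address(ip_str: str) -> bool:
    """Validate an IPv6 address string, rejecting over-long input up front.

    The length guard runs before any parsing, so a caller cannot make the
    validator spend time on a huge string that can never be a valid address.
    """
    if len(ip_str) > MAX_IPV6_ADDRESS_LENGTH:
        return False
    try:
        ipaddress.IPv6Address(ip_str)
    except ValueError:
        # ipaddress raises AddressValueError (a ValueError) on malformed input.
        return False
    return True


def clean_ipv6_address(ip_str: str, unpack_ipv4: bool = False) -> str:
    """Return the compressed canonical form of ip_str, or raise ValidationError.

    Same shape as a clean_* helper: bound check first, then parse, then normalise.
    With unpack_ipv4=True an IPv4-mapped address is returned as plain IPv4 text.
    """
    if len(ip_str) > MAX_IPV6_ADDRESS_LENGTH:
        raise ValidationError(
            "IPv6 address too long (%d > %d)" % (len(ip_str), MAX_IPV6_ADDRESS_LENGTH)
        )
    try:
        addr = ipaddress.IPv6Address(ip_str)
    except ValueError as exc:
        raise ValidationError("Invalid IPv6 address") from exc
    if unpack_ipv4 and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def demo() -> dict:
    """Exercise the validators on constructed inputs and return the outcomes."""
    # Constructed inputs: two valid addresses, one malformed value, and an
    # over-long string of the kind an abusive client would submit. Only the
    # length check stands between that string and the parser.
    overlong = "1:" * 100_000
    return {
        "valid": is_valid_ipv6_address("2001:db8::1"),
        "mapped": clean_ipv6_address("::ffff:192.0.2.128", unpack_ipv4=True),
        "canonical": clean_ipv6_address("2001:0db8:0000:0000:0000:0000:0000:0001"),
        "garbage": is_valid_ipv6_address("not-an-address"),
        "overlong_rejected": not is_valid_ipv6_address(overlong),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-18s %r" % (name, result))
```

The same guard belongs on the form field: a `max_length` on the field rejects the value before any validator runs, which is the cheapest possible place to stop it. Whatever bound you pick, make sure it still admits the longest legitimate form you need to accept; an IPv4-embedded address written out in full is longer than a plain compressed IPv6 address.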

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users are advised to upgrade to Django versions 5.1.5, 5.0.11, or 4.2.18. Instructions for upgrading can be found in the Django release notes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread          7.6
impact          2.5
exploitability  6.8
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.