mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 15:31:45 +00:00
Code Issues Projects Releases Wiki Activity
Files
954acdcf1b7306654dc4aba36a2c423d64ee5a80
meta-openembedded/meta-python/recipes-devtools/python/python3-django/CVE-2024-41990.patch
Soumya Sambu 4e8fa78778 python3-django: Fix CVE-2024-41990 
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41990

Upstream-patch:
d0a82e26a7

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-22 19:22:56 -05:00

70 lines
2.9 KiB
Diff
Raw Blame History

From d0a82e26a74940bf0c78204933c3bdd6a283eb88 Mon Sep 17 00:00:00 2001
From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Date: Thu, 18 Jul 2024 13:19:34 +0200
Subject: [PATCH] [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in
urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
CVE: CVE-2024-41990
Upstream-Status: Backport [https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
django/utils/html.py | 18 ++++++++----------
tests/utils_tests/test_html.py | 2 ++
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/django/utils/html.py b/django/utils/html.py
index f1b74ab..84e157d 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -315,7 +315,11 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
trimmed_something = True
counts[closing] -= strip
- rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
+ amp = middle.rfind("&")
+ if amp == -1:
+ rstripped = middle.rstrip(TRAILING_PUNCTUATION_CHARS)
+ else:
+ rstripped = middle.rstrip(trailing_punctuation_chars_no_semicolon())
if rstripped != middle:
trail = middle[len(rstripped) :] + trail
middle = rstripped
@@ -323,15 +327,9 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
if trailing_punctuation_chars_has_semicolon() and middle.endswith(";"):
# Only strip if not part of an HTML entity.
- amp = middle.rfind("&")
- if amp == -1:
- can_strip = True
- else:
- potential_entity = middle[amp:]
- escaped = unescape(potential_entity)
- can_strip = (escaped == potential_entity) or escaped.endswith(";")
-
- if can_strip:
+ potential_entity = middle[amp:]
+ escaped = unescape(potential_entity)
+ if escaped == potential_entity or escaped.endswith(";"):
rstripped = middle.rstrip(";")
amount_stripped = len(middle) - len(rstripped)
if amp > -1 and amount_stripped > 1:
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 715c1c6..5abab8d 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -274,6 +274,8 @@ class TestUtilsHtml(SimpleTestCase):
"[(" * 100_000 + ":" + ")]" * 100_000,
"([[" * 100_000 + ":" + "]])" * 100_000,
"&:" + ";" * 100_000,
+ "&.;" * 100_000,
+ ".;" * 100_000,
)
for value in tests:
with self.subTest(value=value):
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink