CVE-2025-24370 Overview
Django-Unicorn is a popular library that adds modern reactive component functionality to Django templates. A critical Python class pollution vulnerability has been identified in affected versions of Django-Unicorn that allows remote attackers to manipulate the Python runtime through specially crafted component requests.
The vulnerability stems from the core set_property_value function, which can be remotely triggered by users who craft malicious component requests. By controlling the second and third parameters of this vulnerable function (the property name and the value to assign), attackers can make arbitrary changes to the Python runtime state, leading to severe security implications including Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks.
Critical Impact
Remote attackers can exploit Python class pollution to achieve XSS, DoS, and Authentication Bypass in virtually any Django-Unicorn-based application without authentication.
Affected Products
- Django-Unicorn versions prior to 0.62.0
Discovery Timeline
- 2025-02-03 - CVE-2025-24370 published to NVD
- 2025-02-03 - Last updated in NVD database
Technical Details for CVE-2025-24370
Vulnerability Analysis
This vulnerability is classified under CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), commonly known as "Mass Assignment" or, in Python contexts, "Class Pollution". The flaw allows unauthenticated remote attackers to modify Python object attributes at runtime through network-accessible component requests.
The vulnerability manifests when Django-Unicorn processes property name updates through the set_property_value function. The property name is split by periods to traverse nested object attributes, but prior to the fix, there was no validation to prevent access to Python's special "dunder" (double underscore) attributes like __class__, __init__, __globals__, or other magic methods.
At least five distinct exploitation methods have been documented, each capable of causing significant security impact:
- Cross-Site Scripting (XSS) through runtime manipulation
- Denial of Service (DoS) by corrupting critical runtime objects
- Authentication Bypass by modifying authentication-related attributes
- Potential Remote Code Execution through __globals__ manipulation
- Application state corruption leading to unpredictable behavior
Root Cause
The root cause lies in the set_property_value function in django_unicorn/views/action_parsers/utils.py. This function accepts user-controlled property names and splits them by periods to enable nested attribute access. Without proper input validation, attackers could inject property paths containing Python dunder attributes (__attr__), allowing them to traverse and modify the Python class hierarchy and runtime environment.
Attack Vector
The attack is network-accessible and requires no authentication or user interaction. Attackers craft malicious component requests that specify property names containing dunder attributes. When Django-Unicorn processes these requests, it inadvertently allows modification of Python runtime objects, class definitions, or global variables.
For example, an attacker could submit a property name like __class__.__init__.__globals__ to access and modify the global namespace of the application, potentially overwriting critical functions or security controls.
# Security patch in django_unicorn/views/action_parsers/utils.py
The following code updates UnicornView.author.name based the payload's `author.name`.
"""
property_name_parts = property_name.split(".")
+ for part in property_name_parts:
+ if part.startswith("__") and part.endswith("__"):
+ raise AssertionError("Invalid property name")
component_or_field = component
data_or_dict = data # Could be an internal portion of data that gets set
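Review bot: the check on the added lines is a denylist that only rejects a segment that both starts and ends with "__"; a single-underscore name or any other non-dunder attribute that happens to reach a sensitive object still passes the loop, so an allowlist of the component's declared fields (or, at minimum, rejecting any segment that starts with "_") would be a more robust guard than `part.startswith("__") and part.endswith("__")`. Raising AssertionError for input validation also reads as a programming error rather than a bad request; a ValueError or a Django request-level exception would make the rejection easier to distinguish in logs. Minor: the docstring line "based the payload's `author.name`" should read "based on the payload's `author.name`".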
Source: GitHub Commit for Django Unicorn
The patch adds validation to check each component of the property name path. If any part starts and ends with double underscores (dunder pattern), the function raises an AssertionError and refuses to process the request, effectively blocking class pollution attempts.
Detection Methods for CVE-2025-24370
Indicators of Compromise
- HTTP requests to Django-Unicorn endpoints containing property names with __ (double underscore) patterns
- Unusual component update requests with deeply nested property paths
- Application errors or assertion failures related to property name validation
- Unexpected changes in application behavior, authentication state, or rendered content
Detection Strategies
- Monitor web application logs for requests containing __class__, __init__, __globals__, or similar dunder patterns in request payloads
- Implement Web Application Firewall (WAF) rules to detect and block requests with Python dunder attribute patterns
- Deploy application-level monitoring to detect unusual property access patterns in Django-Unicorn components
- Review Django error logs for "AssertionError: Invalid property name" messages (these indicate blocked attack attempts on patched systems)
Monitoring Recommendations
- Enable detailed logging for Django-Unicorn component requests to capture full request payloads
- Configure alerting for patterns matching __[a-zA-Z]+__ in component property names
- Monitor for unexpected application crashes, authentication anomalies, or XSS incidents that could indicate exploitation
- Implement runtime application self-protection (RASP) to detect object manipulation attempts
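As an added example, not code from the Django-Unicorn project: a minimal model of the dotted property-path traversal with the 0.62.0-style dunder check from the patch above, and the same dunder pattern applied as a detection over a constructed component request body. The SimpleNamespace component and the actionQueue/syncInput request layout are assumptions for illustration, not the documented wire format.

```python
import json
import re
from types import SimpleNamespace

# Pattern the advisory suggests alerting on in component property names.
DUNDER_RE = re.compile(r"__[a-zA-Z]+__")

def property_name_is_allowed(property_name):
    """Mirror of the 0.62.0 check: no dotted segment may be a dunder name."""
    return not any(p.startswith("__") and p.endswith("__")
                   for p in property_name.split("."))

def set_property_value(component, property_name, value):
    """Hardened model of the traversal: validate, then walk the dotted path.
    Intermediate segments may be attributes or dict keys; the last is assigned.
    Raises AssertionError, as the patched function does, on a dunder segment."""
    if not property_name_is_allowed(property_name):
        raise AssertionError("Invalid property name")
    parts = property_name.split(".")
    target = component
    for part in parts[:-1]:
        target = target[part] if isinstance(target, dict) else getattr(target, part)
    if isinstance(target, dict):
        target[parts[-1]] = value
    else:
        setattr(target, parts[-1], value)

def scan_request(raw_json):
    """Detection side: property names in a request body that match DUNDER_RE.
    The actionQueue/syncInput layout is an assumption, not the documented format."""
    body = json.loads(raw_json)
    hits = []
    for action in body.get("actionQueue", []):
        name = action.get("payload", {}).get("name", "")
        if DUNDER_RE.search(name):
            hits.append(name)
    return hits

def demo():
    # Constructed component and request body; not captured traffic.
    component = SimpleNamespace(author=SimpleNamespace(name="old"))
    set_property_value(component, "author.name", "new")
    request = json.dumps({"actionQueue": [
        {"type": "syncInput", "payload": {"name": "author.name", "value": "x"}},
        {"type": "syncInput",
         "payload": {"name": "__class__.__init__.__globals__", "value": "x"}},
    ]})
    return component.author.name, scan_request(request)
```

Note that the check is a denylist: a path such as "_private.x" passes property_name_is_allowed, which is why the reviewer comments above favour an allowlist of declared fields.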
How to Mitigate CVE-2025-24370
Immediate Actions Required
- Upgrade Django-Unicorn to version 0.62.0 or later immediately
- Review application logs for evidence of exploitation attempts prior to patching
- Audit Django-Unicorn component implementations for any unexpected behavior
- Conduct security testing to verify the patch has been successfully applied
Patch Information
The vulnerability has been addressed in Django-Unicorn version 0.62.0. The fix implements input validation in the set_property_value function to reject property names containing dunder attributes. All users are strongly advised to upgrade immediately.
For detailed patch information, see:
Workarounds
- No known workarounds exist for this vulnerability according to the security advisory
- Upgrading to version 0.62.0 is the only recommended mitigation
- As a temporary measure, consider implementing WAF rules to block requests containing dunder patterns, though this is not a complete solution
- If upgrade is not immediately possible, consider temporarily disabling Django-Unicorn components until patching can be completed
# Upgrade Django-Unicorn to the patched version
pip install django-unicorn>=0.62.0
# Verify the installed version
pip show django-unicorn | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

