CVE-2013-0306
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD
Description
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
Affected (17)
Products: Djangoproject: Django · Canonical: Ubuntu Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3.1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.4.1 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.5 alpha |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.04 |
Related CWEs
References (8)
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.