CVE-2015-0222

Published: Jan 16, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

Affected (18)

Products: Canonical: Ubuntu Linux · Djangoproject: Django

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Djangoproject Django	Up to 1.4.17
Djangoproject Django	Version 1.6.1
Djangoproject Django	Version 1.6.2
Djangoproject Django	Version 1.6.3
Djangoproject Django	Version 1.6.4
Djangoproject Django	Version 1.6.5
Djangoproject Django	Version 1.6.6
Djangoproject Django	Version 1.6.7
Djangoproject Django	Version 1.6.8
Djangoproject Django	Version 1.6.9
Djangoproject Django	Version 1.6
Djangoproject Django	Version 1.7.1
Djangoproject Django	Version 1.7.2
Djangoproject Django	Version 1.7

Related CWEs

References (22)

http://advisories.mageia.org/MGASA-2015-0026.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html

Source: secalert@redhat.com

http://secunia.com/advisories/62285

Source: secalert@redhat.com

http://secunia.com/advisories/62309

Source: secalert@redhat.com

http://ubuntu.com/usn/usn-2469-1

Source: secalert@redhat.com

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:109

Source: secalert@redhat.com

https://www.djangoproject.com/weblog/2015/jan/13/security/

Source: secalert@redhat.com

PatchVendor Advisory

http://advisories.mageia.org/MGASA-2015-0026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62285

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62309

Source: af854a3a-2127-422b-91ae-364da2661108

http://ubuntu.com/usn/usn-2469-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:109

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.djangoproject.com/weblog/2015/jan/13/security/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.