CVE-2013-0306: Uncontrolled Resource Consumption in Django

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 41.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 2
Latest update: May 5

Description

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

PyPI | djangoproject/django | 1.3 | 1.3.6 | +1
NVD | djangoproject/django | 8 versions | +7

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

🔴 Vulnerability Details (4)

OSV: Django is vulnerable to Denial of Service attack in formset (2022-05-05)
GHSA: Django is vulnerable to Denial of Service attack in formset (2022-05-05)
OSV: CVE-2013-0306: The form library in Django 1 (2013-05-02)
CVEList: CVE-2013-0306: The form library in Django 1 (2013-05-02)

📋 Vendor Advisories (3)

Ubuntu: Django vulnerabilities (2013-03-07)
Red Hat: Django: Formset denial-of-service (2013-02-19)
Debian: CVE-2013-0306: python-django - The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 befor... (2013)

💬 Community (5)

Bugzilla: CVE-2013-0306 Django: Formset denial-of-service (2013-02-20)
Bugzilla: CVE-2013-0305 CVE-2013-0306 Django various flaws [epel-5] (2013-02-20)
Bugzilla: CVE-2013-0305 CVE-2013-0306 Django14 various flaws [epel-6] (2013-02-20)
Bugzilla: CVE-2013-0305 CVE-2013-0306 Django various flaws [fedora-17] (2013-02-20)
Bugzilla: CVE-2013-0305 CVE-2013-0306 Django various flaws [epel-6] (2013-02-20)