CVE-2015-0222: Allocation of Resources Without Limits or Throttling in Django

Severity: 5.0 MEDIUM (NVD)
EPSS: 5.1% (top 10.21%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 16
Latest update: May 17

Description

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

PyPI: djangoproject/django, 1.6, 1.6.10, +1
NVD: djangoproject/django, 1.4.17, +13

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴 Vulnerability Details (4)

OSV: Django database denial-of-service with ModelMultipleChoiceField (2022-05-17)
GHSA: Django database denial-of-service with ModelMultipleChoiceField (2022-05-17)
CVEList: CVE-2015-0222: ModelMultipleChoiceField in Django 1 (2015-01-16)
OSV: CVE-2015-0222: ModelMultipleChoiceField in Django 1 (2015-01-16)

📋 Vendor Advisories (3)

Ubuntu: Django vulnerabilities (2015-01-13)
Red Hat: Django: database denial of service with ModelMultipleChoiceField (2015-01-13)
Debian: CVE-2015-0222: python-django - ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, w... (2015)

💬 Community (3)

Bugzilla: CVE-2015-0222 python-django: Django: database denial of service with ModelMultipleChoiceField [fedora-all] (2015-01-14)
Bugzilla: CVE-2015-0222 python-django: Django: database denial of service with ModelMultipleChoiceField [epel-7] (2015-01-14)
Bugzilla: CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField (2015-01-07)