CVE-2019-6975: Allocation of Resources Without Limits or Throttling in Django

Severity: 7.5 HIGH (NVD)
EPSS: 18.4% (top 4.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 11; latest update Feb 18

Description

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Exploitability: 3.9 | Impact: 3.6)

Affected Packages (2 packages)

NVD: djangoproject/django, affected from 1.11.0, fixed in 1.11.19 (+2 further version ranges)
PyPI: djangoproject/django, affected from 1.11, fixed in 1.11.19 (+2 further version ranges)

Also affects: Fedora 28, 29, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Vulnerability Details (4 references)

GHSA: Uncontrolled Memory Consumption in Django (2019-02-12)
OSV: Uncontrolled Memory Consumption in Django (2019-02-12)
CVEList: CVE-2019-6975: Django 1 (2019-02-11)
OSV: CVE-2019-6975: Django 1 (2019-02-11)

Vendor Advisories (3 references)

Ubuntu: Django vulnerability (2019-02-13)
Red Hat: python-django: memory exhaustion in django.utils.numberformat.format() (2019-02-11)
Debian: CVE-2019-6975: python-django - Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows... (2019)

Community (4 references)

Bugzilla: CVE-2019-6975 python-django: memory exhaustion in django.utils.numberformat.format() [fedora-all] (2019-02-18)
Bugzilla: CVE-2019-6975 django:1.6/python-django: memory exhaustion in django.utils.numberformat.format() [fedora-all] (2019-02-18)
Bugzilla: CVE-2019-6975 python-django: memory exhaustion in django.utils.numberformat.format() [epel-7] (2019-02-18)
Bugzilla: CVE-2019-6975 python-django: memory exhaustion in django.utils.numberformat.format() (2019-02-07)
CVE-2019-6975 — Djangoproject Django vulnerability | cvebase