PT-2013-2220 · Django · Django

Published: 2013-05-02 · Updated: 2022-05-05 · CVE-2013-0306

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
Django versions 1.3.x through 1.3.5
Django versions 1.4.x through 1.4.3
Django versions 1.5 before release candidate 2

Description
The issue allows remote attackers to bypass intended resource limits for formsets, potentially causing a denial of service due to memory consumption or triggering server errors. This is achieved by modifying the max_num parameter.

Recommendations
For Django versions 1.3.x through 1.3.5, update to version 1.3.6 or later.
For Django versions 1.4.x through 1.4.3, update to version 1.4.4 or later.
For Django versions 1.5 before release candidate 2, update to release candidate 2 or later.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2013-0306
DSA-2634-1
GHSA-G8XG-JGJ6-49R3
PYSEC-2013-17
RHSA-2013:0670

Affected Products

Django