CVE-2015-5144

Name of the Vulnerable Software and Affected Versions Django versions 1.5.x through 1.6.x Django versions 1.7.x before 1.7.9 Django versions 1.8.x before 1.8.3 Django before 1.4.21

Description The issue is related to resource management errors in the Django web application platform. It can be exploited by a remote attacker to cause a denial of service by creating multiple requests with unique session keys. The vulnerability also allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an email message, URL, or unspecified vectors to certain validators.

Recommendations For Django before 1.4.21, update to version 1.4.21 or later. For Django versions 1.5.x through 1.6.x, update to version 1.7.9 or later. For Django versions 1.7.x before 1.7.9, update to version 1.7.9 or later. For Django versions 1.8.x before 1.8.3, update to version 1.8.3 or later. As a temporary workaround, consider restricting access to the EmailValidator, URLValidator, validate ipv4 address, and validate slug validator functions until a patch is available.