David Wilson

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 1.4.14 Django versions 1.5.x prior to 1.5.9 Django versions 1.6.x prior to 1.6.6 Django versions 1.7 before release candidate 3 **Description** The issue concerns the default configuration of the file upload handling system, which uses a sequential file name generation process when a file with a conflicting name is uploaded. This allows remote attackers to cause a denial of service by consuming CPU resources through uploading multiple files with the same name. **Recommendations** For Django versions prior to 1.4.14, update to version 1.4.14 or later. For Django versions 1.5.x prior to 1.5.9, update to version 1.5.9 or later. For Django versions 1.6.x prior to 1.6.6, update to version 1.6.6 or later. For Django versions 1.7 before release candidate 3, update to release candidate 3 or later.