Django · django-filter · CVE-2020-15225
**Name of the Vulnerable Software and Affected Versions**
django-filter versions prior to 2.4.0
**Description**
The issue concerns the `NumberFilter` instances that django-filter generates automatically for numeric model fields. A `NumberFilter` accepts input in exponential notation (for example `1e1000000000`), which is cheap to parse as a `Decimal`; when the value is later converted to an integer (for example by the integer model field being queried), Python must materialise an integer with as many digits as the exponent, consuming CPU and memory. A request carrying a sufficiently large exponent can therefore cause a Denial of Service (DoS). The number of affected deployments worldwide is not specified, and there is no information about real-world incidents in which this issue was exploited.
**Recommendations**
For versions prior to 2.4.0, upgrade to version 2.4.0 or later, which applies a `MaxValueValidator` with a default `limit_value` of `1e50` to the form field used by `NumberFilter` instances, so oversized values are rejected before any integer conversion takes place.
As a temporary workaround, users who cannot upgrade may manually apply an equivalent validator to the filter's form field.
Additionally, `NumberFilter` implements the new `get_max_validator()` method, which should return a configured validator instance to customise the limit, or `None` to disable the additional validation.
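The following is an added, stand-alone illustration of the mechanism described above and of the check that 2.4.0 adds; it is not code from django-filter or Django, and it needs neither installed. It reproduces the two steps a `NumberFilter` value goes through (a cheap `Decimal` parse, then an `int()` conversion) and a minimal stand-in for `MaxValueValidator(limit_value=1e50)` named `check_max`. The inputs are constructed for the example; `1e1000000000` is an arbitrary large exponent, not a value taken from any exploit.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample inputs (not from the advisory).
BENIGN = "12345"
MALICIOUS = "1e1000000000"  # parses instantly as a Decimal; int() of it would need a billion digits

# Default limit applied by django-filter 2.4.0's MaxValueValidator.
DEFAULT_LIMIT = Decimal("1e50")


def parse_decimal(raw: str) -> Decimal:
    """Step 1: the cheap parse a DecimalField performs. Cost is independent of the exponent."""
    try:
        return Decimal(raw)
    except InvalidOperation:
        raise ValueError(f"{raw!r} is not a number")


def check_max(value: Decimal, limit: Decimal = DEFAULT_LIMIT) -> Decimal:
    """Stand-in for MaxValueValidator(limit_value=limit) (hypothetical helper, not Django's class).

    Decimal comparison looks at the exponent first, so rejecting a huge value costs nothing.
    """
    if value > limit:
        raise ValueError(f"Ensure this value is less than or equal to {limit}.")
    return value


def vulnerable_to_int(raw: str) -> int:
    """Pre-2.4.0 pattern: parse, then convert to int with no size check.

    For MALICIOUS this would try to build a 1,000,000,001-digit integer (the DoS), so it is
    deliberately never called on that input here.
    """
    return int(parse_decimal(raw))


def hardened_to_int(raw: str, limit: Decimal = DEFAULT_LIMIT) -> int:
    """2.4.0 pattern: validate against the limit before the expensive int() conversion."""
    return int(check_max(parse_decimal(raw), limit))


def is_rejected(raw: str, limit: Decimal = DEFAULT_LIMIT) -> bool:
    """True when the hardened path refuses the input, False when it converts normally."""
    try:
        hardened_to_int(raw, limit)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("benign   :", hardened_to_int(BENIGN))          # 12345
    print("malicious:", is_rejected(MALICIOUS))           # True, and returns immediately
    print("custom   :", is_rejected("1e20", Decimal("1e10")))  # True with a tighter limit
```

Equivalent behaviour in a real django-filter project comes from overriding `get_max_validator()` on a `NumberFilter` subclass to return a `MaxValueValidator` with the limit you want; returning `None` there removes the check and restores the pre-2.4.0 exposure.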