PT-2011-4855 · Django Software Foundation · Django
Paul Mcmillan · Published 2011-10-19 · Updated 2018-07-23 · CVE-2011-4137
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Django versions prior to 1.2.7
Django versions 1.3.x prior to 1.3.1
Description
The issue is related to the verify_exists functionality in the URLField implementation, which relies on Python libraries that attempt to access an arbitrary URL with no timeout. This allows remote attackers to cause a denial of service by consuming resources via a URL associated with a slow response, a completed TCP connection with no application data sent, or a large amount of application data.
Recommendations
For Django versions prior to 1.2.7, update to version 1.2.7 or later.
For Django versions 1.3.x prior to 1.3.1, update to version 1.3.1 or later.
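For code that still has to check that a submitted URL responds, the sketch below bounds the failure modes named in the description: every socket operation has a timeout, and a HEAD request means no response body is read. It is an added example, not Django's code or its patch; `url_exists` and `silent_listener` are hypothetical names, and the listener is a constructed local peer that completes the TCP handshake and then sends nothing.

```python
import http.client
import socket
from urllib.parse import urlsplit


def url_exists(url, timeout=2.0):
    """Return True if a HEAD request to url gets a 2xx/3xx status in time.

    timeout bounds each socket operation (connect, send, recv); it is not a
    total deadline. HEAD means no response body is ever read.
    """
    conn = None
    try:
        parts = urlsplit(url)
        # Only plain web URLs are checked; other schemes are never fetched.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        cls = (http.client.HTTPSConnection if parts.scheme == "https"
               else http.client.HTTPConnection)
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn = cls(parts.hostname, parts.port, timeout=timeout)
        conn.request("HEAD", target)
        return 200 <= conn.getresponse().status < 400
    except (OSError, http.client.HTTPException, ValueError):
        # Timeout, refused connection, malformed reply or URL: not verified.
        return False
    finally:
        if conn is not None:
            conn.close()


def silent_listener():
    """Constructed test peer: completes the TCP handshake, never sends data."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # the kernel finishes the handshake; accept() is never called
    return srv, "http://127.0.0.1:%d/" % srv.getsockname()[1]


if __name__ == "__main__":
    srv, url = silent_listener()
    print(url_exists(url, timeout=0.5))  # gives up after the timeout
    srv.close()
```

Because the timeout applies per socket operation, a caller that needs a hard upper bound on the whole check should also run it outside the request-handling thread or under its own deadline.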
Fix
DoS
Affected products
Django