Description
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
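The missing check, sketched as an added example; this is not Django's code and not part of the advisory. It puts an unbounded base36 conversion beside a form that validates length and alphabet before converting. The 13-character cap, the `<base36 timestamp>-<hash>` token layout, the function names and the sample tokens are assumptions made for the illustration.

```python
import string

# Assumption for this example: 13 base36 digits (36**13 > 2**64) is more than
# any legitimate timestamp needs. The cap is illustrative, not from the advisory.
MAX_BASE36_LEN = 13
_BASE36_DIGITS = frozenset(string.digits + string.ascii_lowercase)


def base36_to_int_unbounded(s):
    """The 'before' shape: conversion work scales with caller-chosen length."""
    return int(s, 36)


def base36_to_int(s):
    """Hardened form: reject on length and alphabet before converting."""
    if not 0 < len(s) <= MAX_BASE36_LEN:
        raise ValueError("base36 input empty or too long")
    s = s.lower()
    # int() alone would also accept signs, underscores and whitespace.
    if not set(s) <= _BASE36_DIGITS:
        raise ValueError("non-base36 character in input")
    return int(s, 36)


def parse_reset_timestamp(token):
    """Return the timestamp from '<base36 ts>-<hash>' (assumed layout), or None."""
    ts_b36, sep, _digest = token.partition("-")
    if not sep:
        return None
    try:
        return base36_to_int(ts_b36)
    except ValueError:
        return None


# Constructed sample tokens, not taken from any real request.
SAMPLES = {
    "normal": "2rh-0123456789abcdef",
    "oversized": "z" * 2000 + "-0123456789abcdef",
    "signed": "-5-0123456789abcdef",
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(name, parse_reset_timestamp(tok))
    bits = base36_to_int_unbounded("z" * 2000).bit_length()
    print("unbounded parse of 2000 chars yields", bits, "bits")
```

Rejecting on length first means the cost of handling a request no longer depends on how long the timestamp field is.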
Remediation
References