Description

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Remediation

References

CVE-2013-0306

Related Vulnerabilities

PHP Other Vulnerability (CVE-2019-11044)

Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)

RubyGems Origin Validation Error Vulnerability (CVE-2017-0902)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18084)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-3662)

Severity

Medium

Classification

CVE-2013-0306

Tags

Missing Update Known Vulnerabilities