Description

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.

Remediation

References

CVE-2009-3695

Related Vulnerabilities

Jboss EAP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-4610)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)

WordPress Plugin FireCask Like & Share Button Cross-Site Scripting (1.1.5)

Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0013)

WordPress Plugin Wow Moodboard Lite Open Redirect (1.1.1.1)

Severity

Medium

Classification

CVE-2009-3695

Tags

Missing Update Known Vulnerabilities