Description
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.
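The cost of sequential conflict naming can be measured with the sketch below, an added example that is not Django's code and not part of the original advisory. It counts existence checks when the same file name is stored repeatedly, comparing sequential numbering with a random-suffix scheme. The function names, the in-memory `set` standing in for storage, and the 7-character suffix length are assumptions of this sketch.

```python
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def sequential_name(existing, name):
    """Sequential scheme: probe name, name_1, name_2, ... until one is free.
    Returns (chosen_name, existence_checks_performed)."""
    root, ext = os.path.splitext(name)
    candidate, counter, probes = name, 0, 1
    while candidate in existing:  # each probe models one storage lookup
        counter += 1
        candidate = f"{root}_{counter}{ext}"
        probes += 1
    return candidate, probes


def random_suffix_name(existing, name, length=7):
    """Mitigated scheme: on conflict, append an unpredictable suffix, so the
    number of probes no longer grows with the number of stored duplicates."""
    root, ext = os.path.splitext(name)
    candidate, probes = name, 1
    while candidate in existing:
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(length))
        candidate = f"{root}_{suffix}{ext}"
        probes += 1
    return candidate, probes


def total_probes(namer, uploads, name="report.pdf"):
    """Store the same (constructed) file name `uploads` times and return the
    total number of existence checks the naming scheme needed."""
    existing, total = set(), 0
    for _ in range(uploads):
        chosen, probes = namer(existing, name)
        existing.add(chosen)
        total += probes
    return total


if __name__ == "__main__":
    for n in (100, 1000, 5000):
        print(n, total_probes(sequential_name, n),
              total_probes(random_suffix_name, n))
```

With sequential naming the k-th duplicate costs k lookups, so n uploads cost n(n+1)/2 in total, while the random-suffix scheme stays at about two lookups per upload.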
Remediation
References