Description
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
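The line-at-a-time behaviour described above, compared with fixed-size block reads, as an added example that is not Django's code or its patch. The helper names, the 4096-byte block size and the sample data are assumptions constructed for illustration.

```python
import io

CHUNK_SIZE = 4096  # assumed block size for this example


def iter_by_line(fileobj):
    """Yield pieces the way plain file iteration does: one whole line each."""
    for line in fileobj:
        yield line


def iter_by_chunk(fileobj, chunk_size=CHUNK_SIZE):
    """Yield fixed-size blocks, so no piece exceeds chunk_size bytes."""
    while True:
        block = fileobj.read(chunk_size)
        if not block:
            break
        yield block


def stream_stats(pieces):
    """Consume an iterator of byte strings; return (total_bytes, largest_piece)."""
    total = largest = 0
    for piece in pieces:
        total += len(piece)
        largest = max(largest, len(piece))
    return total, largest


def make_sample(long_line_bytes=2 * 1024 * 1024):
    """Constructed sample: a short header line, then one long line with no newline."""
    return b"header\n" + b"A" * long_line_bytes


def compare(data):
    """Stream the same bytes both ways and report the largest piece held at once."""
    return {
        "line": stream_stats(iter_by_line(io.BytesIO(data))),
        "chunk": stream_stats(iter_by_chunk(io.BytesIO(data))),
    }


if __name__ == "__main__":
    for name, (total, largest) in compare(make_sample()).items():
        print(f"{name:5s} total={total} largest_piece={largest}")
```

With line iteration the largest piece grows with the longest line in the file, while block reads keep it bounded by the block size regardless of file content.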
Remediation
References
Related Vulnerabilities
WordPress Plugin RSVP and Event Management Cross-Site Scripting (2.3.7)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911)
WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)
WordPress Plugin User Rights Access Manager Security Bypass (1.0.3)
Oracle Database Server CVE-2014-6547 Vulnerability (CVE-2014-6547)