WEB APPLICATION VULNERABILITIES Standard & Premium

Django Uncontrolled Resource Consumption Vulnerability (CVE-2021-45115)

Description

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

Remediation

References

Related Vulnerabilities

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9414)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)

WordPress Plugin Webapp builder (Free mobile apps native iPhone iOS & Android Winphone mobile apps) Arbitrary File Upload (2.0)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Request Forgery (3.0.8)

Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4140)

Severity

High

Classification

CVE-2021-45115 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities