CVE-2007-5712 – django
Package
Manager: pip
Name: django
Vulnerable Version: =0.96.0 || >=0.96.0 <0.96.1 || >=0.95 <0.95.2 || =0.91.0 || >=0.91.0 <0.91.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01594 (percentile: 0.8096)
Details
Django vulnerable to Denial of Service via i18n middleware component
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
Metadata
Created: 2022-05-01T18:36:08Z
Modified: 2024-11-18T16:26:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9v8h-57gv-qch6/GHSA-9v8h-57gv-qch6.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-9v8h-57gv-qch6
Finding: F002
Auto approve: 1