CVE-2014-0481 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=0 <1.4.14 || >=1.5 <1.5.9 || >=1.6 <1.6.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01487 (percentile: 0.80307)
Details
Django denial of service via file upload naming
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.
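The cost behind the CPU consumption described above, as an added example (a simplified in-memory model, not Django's code or part of the advisory): it counts storage existence checks for sequential naming versus a random-suffix scheme. CountingStore, sequential_name, random_suffix_name and total_checks are hypothetical names, and the 7-character alphanumeric suffix is modelled on the fix in the patched releases.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


class CountingStore:
    """In-memory stand-in for a storage backend that counts existence checks."""

    def __init__(self):
        self.names = set()
        self.checks = 0

    def exists(self, name):
        self.checks += 1
        return name in self.names


def split_ext(name):
    # "report.txt" -> ("report", ".txt"); a name without a dot has no extension.
    root, dot, ext = name.rpartition(".")
    return (root, dot + ext) if dot else (name, "")


def sequential_name(store, name):
    """Sequential generation as the advisory describes it: try _1, _2, _3, ..."""
    root, ext = split_ext(name)
    candidate, n = name, 0
    while store.exists(candidate):
        n += 1
        candidate = f"{root}_{n}{ext}"
    return candidate


def random_suffix_name(store, name, length=7):
    """On conflict, append a random suffix so earlier uploads add no extra probes."""
    root, ext = split_ext(name)
    candidate = name
    while store.exists(candidate):
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(length))
        candidate = f"{root}_{suffix}{ext}"
    return candidate


def total_checks(namer, uploads, name="report.txt"):
    """Existence checks needed to store `uploads` files that all share one name."""
    store = CountingStore()
    for _ in range(uploads):
        store.names.add(namer(store, name))
    return store.checks


if __name__ == "__main__":
    for n in (100, 1000):  # constructed upload counts
        print(n, total_checks(sequential_name, n), total_checks(random_suffix_name, n))
```

With sequential naming the k-th same-named upload probes k names, so n uploads cost n(n+1)/2 checks in total; with a random suffix the total stays close to 2n.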
Metadata
Created: 2022-05-14T02:05:08Z
Modified: 2024-09-18T15:57:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-296w-6qhq-gf92/GHSA-296w-6qhq-gf92.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-296w-6qhq-gf92
Finding: F002
Auto approve: 1