Debian: CVE-2019-6975: python-django -- security update
Django could be made to consume resources if it received specially crafted network traffic.
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
A vulnerability in the django.utils.numberformat.format() function of Django could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The function is reached by contrib.admin and by the floatformat, filesizeformat and intcomma template filters, so any view that localizes a number derived from request data is a potential entry point. The defect is that a Decimal argument was always expanded with '{:f}'.format(): a Decimal with a very large number of digits or a very large exponent (for example Decimal('1e999999999'), which is built from a handful of input characters) is expanded into a fixed-point string with one character per digit, consuming memory proportional to the exponent rather than to the input length. An attacker could exploit this vulnerability by sending a request whose input is converted to such a Decimal and then formatted. A successful exploit could allow the attacker to consume excessive amounts of memory, resulting in a DoS condition. The Django Software Foundation has confirmed the vulnerability and released software updates; the fix formats Decimals with more than 200 digits (an arbitrary cutoff) in scientific notation instead of expanding them. Confirm that the installed package is at least 1.11.19, 2.0.11 or 2.1.6 (for example with python3 -c "import django; print(django.get_version())") and that no vendored copy of django.utils.numberformat remains in the application tree.