CVE-2019-6975

Published: 11/02/2019 Updated: 21/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
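The mechanism behind the summary above, as an added example that is not Django's own code: a Python Decimal is stored as a (sign, digits, exponent) tuple, so a string such as `1e1000000000` costs a few bytes to parse but expands to a one followed by a billion zeros when rendered with `'{:f}'.format()`, which is what the affected `numberformat.format()` did unconditionally. The block models the vulnerable step, the guard the fixed releases introduced (fall back to scientific notation above a 200-digit cutoff, the value used upstream), and an input-side check that estimates the fixed-point length from the tuple without materialising the string. The function names, `DIGIT_CUTOFF` and the sample inputs are this example's own.

```python
# Added example for CVE-2019-6975, not Django's own code. Models the vulnerable
# '{:f}' expansion in django.utils.numberformat.format() and the guard the fixed
# releases added. format_vulnerable, format_hardened, fixed_point_length,
# is_memory_hazard and DIGIT_CUTOFF are names chosen for this example.
from decimal import Decimal, InvalidOperation

# The fixed Django releases switch to scientific notation once the digit count
# plus the exponent magnitude exceeds an arbitrary cutoff; 200 is the value used
# there.
DIGIT_CUTOFF = 200


def fixed_point_length(number) -> int:
    """Number of characters '{:f}'.format(number) would produce, computed from
    the Decimal's (sign, digits, exponent) tuple without building the string.

    Decimal('1E1000000') is three digits of input but renders as a '1' followed
    by a million zeros; that expansion is the memory-consumption bug.
    """
    number = Decimal(number)
    sign, digits, exponent = number.as_tuple()
    if not isinstance(exponent, int):           # NaN / Infinity: short output
        return len(str(number))
    if exponent >= 0:
        return sign + len(digits) + exponent    # digits plus trailing zeros
    int_part = max(len(digits) + exponent, 1)   # at least the leading '0'
    return sign + int_part + 1 + (-exponent)    # integer part, '.', fraction


def format_vulnerable(number) -> str:
    """Pre-fix behaviour: unconditionally render in fixed-point notation."""
    return '{:f}'.format(Decimal(number))


def format_hardened(number) -> str:
    """Post-fix behaviour: bound the output size before calling '{:f}'."""
    number = Decimal(number)
    _, digits, exponent = number.as_tuple()
    if isinstance(exponent, int) and abs(exponent) + len(digits) > DIGIT_CUTOFF:
        # Scientific notation keeps the length proportional to len(digits),
        # e.g. '1e+1000000000' instead of a gigabyte of zeros.
        return '{:e}'.format(number)
    return '{:f}'.format(number)


def is_memory_hazard(raw: str, limit: int = 1 << 20) -> bool:
    """Input-side check for a form or API layer in front of an unpatched
    formatter: would rendering this user-supplied numeric string in
    fixed-point notation produce more than `limit` characters?"""
    try:
        number = Decimal(raw)
    except InvalidOperation:
        return False  # not a number; the formatter would reject it anyway
    return fixed_point_length(number) > limit


if __name__ == '__main__':
    # Constructed attacker-style inputs: tiny strings, huge fixed-point output.
    # format_vulnerable() is deliberately not called on the billion-digit case.
    for raw in ['1e100000', '1e-100000', '1e1000000000', '12.345']:
        print(f'{raw!r:>16}  fixed-point chars: {fixed_point_length(raw):>14,}'
              f'  hazard: {is_memory_hazard(raw)!s:5}'
              f'  hardened output: {format_hardened(raw)!r}')
```

The same `Decimal` path is reachable through the `floatformat`, `filesizeformat` and `intcomma` template filters and through `contrib.admin`, so the practical mitigation for unpatched deployments is to reject such values before they reach any of those formatters, not only at the `numberformat.format()` call.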

Affected Products

Vendor          Product         Versions
Djangoproject   Django          1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8
Canonical       Ubuntu Linux    16.04, 18.04, 18.10

Vendor Advisories

Django could be made to consume resources if it received specially crafted network traffic ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function ...
Arch Linux Security Advisory ASA-201902-14 ========================================== Severity: Medium Date : 2019-02-12 CVE-ID : CVE-2019-6975 Package : python-django Type : denial of service Remote : Yes Link : security.archlinux.org/AVG-881 Summary ======= The package python-django before version 2.1.6-1 is vulnerable to de ...
Arch Linux Security Advisory ASA-201902-15 ========================================== Severity: Medium Date : 2019-02-12 CVE-ID : CVE-2019-6975 Package : python2-django Type : denial of service Remote : Yes Link : security.archlinux.org/AVG-882 Summary ======= The package python2-django before version 1.11.19-1 is vulnerable t ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows uncontrolled memory consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. If the affected numberformat function as used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters rec ...
