CVE-2019-6975

Published: 11/02/2019 Updated: 06/07/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
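The mechanism behind this summary, shown as an added example (my own illustration, not Django's code): the affected formatter rendered a Decimal with `'{:f}'` before inserting thousand separators, so a value whose exponent is huge expands into that many digits in memory before anything else happens. `format_number_unsafe` below reproduces that behaviour, and `format_number` is a hardened variant that checks the digit count from `Decimal.as_tuple()` first (an O(1)-size read that allocates nothing) and falls back to scientific notation above a cutoff. The function names, the `_group` helper, the 200-digit `MAX_DIGITS` cutoff and the sample values such as `Decimal("1E100000")` are assumptions made for this example; the real reports involved far larger exponents than the ones used here, which are kept small so the unsafe path can be run safely for comparison.

```python
from decimal import Decimal

# Cutoff chosen for this example (assumption, not a Django constant): a value
# that would need more digits than this is never expanded in full.
MAX_DIGITS = 200


def expanded_digits(number: Decimal) -> int:
    """Upper bound on the digit characters '{:f}'.format(number) would have
    to materialise. Only the (sign, digits, exponent) tuple is read, so the
    cost is proportional to the coefficient length, never to the exponent."""
    if not number.is_finite():
        return 0
    _sign, digits, exponent = number.as_tuple()
    return len(digits) + abs(exponent)


def _group(str_number: str, decimal_sep: str, thousand_sep: str) -> str:
    """Insert thousand separators into an already-expanded plain number
    string and swap in the requested decimal separator."""
    sign = ""
    if str_number.startswith("-"):
        sign, str_number = "-", str_number[1:]
    int_part, _, dec_part = str_number.partition(".")
    groups = []
    while int_part:                      # walk from the right in blocks of 3
        groups.insert(0, int_part[-3:])
        int_part = int_part[:-3]
    out = sign + thousand_sep.join(groups)
    if dec_part:
        out += decimal_sep + dec_part
    return out


def format_number_unsafe(number: Decimal, decimal_sep: str = ".",
                         thousand_sep: str = ",") -> str:
    """What the affected path effectively did: expand the Decimal in full
    with '{:f}' and only then group it. A Decimal with exponent N produces
    about N digit characters, so Decimal('1E1000000000') would ask for a
    gigabyte-sized string before the request is answered."""
    return _group(f"{number:f}", decimal_sep, thousand_sep)


def format_number(number: Decimal, decimal_sep: str = ".",
                  thousand_sep: str = ",") -> str:
    """Hardened variant: refuse to expand oversized values and emit them in
    scientific notation, grouping only the short coefficient."""
    if not number.is_finite():           # NaN / Infinity: nothing to group
        return str(number)
    if expanded_digits(number) > MAX_DIGITS:
        coefficient, exponent = f"{number:e}".split("e")
        return _group(coefficient, decimal_sep, thousand_sep) + "e" + exponent
    return _group(f"{number:f}", decimal_sep, thousand_sep)


if __name__ == "__main__":
    # Constructed sample input; the original reports used far larger exponents.
    hostile = Decimal("1E100000")
    print(expanded_digits(hostile))              # digits the unsafe path expands
    print(len(format_number_unsafe(hostile)))    # size of the grouped string
    print(format_number(hostile))                # short scientific form instead
    print(format_number(Decimal("1234567.891"))) # ordinary values are unchanged
```

Any view or template that feeds a user-controlled Decimal into `floatformat`, `intcomma`, `filesizeformat` or the admin's change list goes through the same formatter, so the guard belongs in the formatter itself rather than in each caller. To confirm which release an environment is running, `python -c "import django; print(django.get_version())"` is enough; anything below 1.11.19, 2.0.11 or 2.1.6 on the respective branch is in the affected range given above.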

Affected Products

Vendor          Product        Versions
Djangoproject   Django         1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5
Canonical       Ubuntu Linux   16.04, 18.04, 18.10
Fedoraproject   Fedora         28, 29

Vendor Advisories

Django could be made to consume resources if it received specially crafted network traffic ...
Debian Bug report logs - #922027 CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon) Reported by: Herbert For ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function ...
Arch Linux Security Advisory ASA-201902-14 ========================================== Severity: Medium Date : 2019-02-12 CVE-ID : CVE-2019-6975 Package : python-django Type : denial of service Remote : Yes Link : security.archlinux.org/AVG-881 Summary ======= The package python-django before version 2.1.6-1 is vulnerable to de ...
Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS. For the stable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u5. We recommend that you upgrade your pyt ...
Arch Linux Security Advisory ASA-201902-15 ========================================== Severity: Medium Date : 2019-02-12 CVE-ID : CVE-2019-6975 Package : python2-django Type : denial of service Remote : Yes Link : security.archlinux.org/AVG-882 Summary ======= The package python2-django before version 1.11.19-1 is vulnerable t ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows uncontrolled memory consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. If the affected numberformat function, as used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters, rec ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4476-1 security@debian.org www.debian.org/security/ Moritz Muehlenhoff July 05, 2019 www.debian.org/security/faq ...

Github Repositories

davidBudgetTesting This is a continuation of the davidBudget repo. In this opportunity we built the testing module for this Webapp: Unit and Integration testing with the Unittest module (I think it already comes with Django 2.1.x), and Functional testing with the ChromeDriver software and Selenium for Automated Web Browser Actions. ChromeDriver "WebDriver is an open source too

davidBudget This repo is a simple budget Webapp for handling project expenses, built with Django 2.x and Vanilla JS. The whole Django project consists of CRUDing projects, categories (for the projects) and registering project expenses, just like a personal Wallet. Internally it handles pure Django standards and 1:M ORM DB relations. The frontend is vanilla JS and MaterializeCSS (

Snyk Shell Snyk Shell provides a convenient shell interface to the Snyk API. You can use any valid Python expression as well as make calls to the Snyk API using the pre-configured Snyk API client. When you load the shell it will pre-load a list of your organizations and projects so you have some data to explore. Installation Snyk Shell is available from PyPI. Use your prefe

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI Accuracy Comparison The number of vulnerabilities detected on Alpine Linux (as of 2019/05/12) See Comparison with other scanners for details TOC Abstract Features Installation RHEL/CentOS Debian/Ubuntu Mac OS X / Homebrew Binary (Including Windows) From source Quick Start Basic Docker E

TrivyWeb A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI for Web TOC Installation RHEL/CentOS Debian/Ubuntu Mac OS X / Homebrew Binary (Including Windows) From source Examples Scan an image Scan an image file Save the results as JSON Filter the vulnerabilities by severities Filter the vulnerabilities by type Skip an update of vulnerability