CVE-2019-6975

Published: 11/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

Vulnerable Products

djangoproject django

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

fedoraproject fedora 28

fedoraproject fedora 29

Vendor Advisories

Debian Bug report logs - #922027 CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format(). Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: Herbert For ...
Django could be made to consume resources if it received specially crafted network traffic ...
Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS. For the stable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u5. We recommend that you upgrade your pyt ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function ...
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows uncontrolled memory consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. If the affected numberformat function, as used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters, rec ...

Github Repositories

Project 9: Improve a Django Project. WARNING: Security Vulnerability. There are multiple vulnerabilities in versions of Django below 1.11.19 (see CVE-2019-6975, CVE-2019-3498, CVE-2017-7234, and CVE-2017-7233). These vulnerabilities have not been addressed, as the project specification is to use the packages according to the supplied requirements.txt. 1 Installation Clon

davidBudget Project continuation (separated repo) for Unit, Integration and Functional Tests setup.

davidBudgetTesting This is a continuation of the davidBudget repo. Here we built the testing module for this webapp: Unit and Integration testing with the Unittest module (I think it already comes with Django 2.1.x), and Functional testing with the ChromeDriver software and Selenium for automated web browser actions. ChromeDriver "WebDriver is an open source too

A simple budget webapp for handling projects expenses built with Django 2.x and Vanilla JS

davidBudget This repo is a simple budget webapp for handling project expenses, built with Django 2.x and Vanilla JS. The whole Django project consists of CRUD operations on projects, categories (for the projects) and project expenses, just like a personal wallet. Internally it uses standard Django conventions and 1:M ORM DB relations. The frontend is vanilla JS and MaterializeCSS (