Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.061 Low |
EPSS Percentile | 93.6% |

Django project reports:
Django’s forms library includes field types which perform
regular-expression-based validation of email addresses and
URLs. Certain addresses/URLs could trigger a pathological
performance case in these regular expressions, resulting in
the server process/thread becoming unresponsive, and consuming
excessive CPU over an extended period of time. If deliberately
triggered, this could result in an effective
denial-of-service attack.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py23-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py24-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py25-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py26-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py30-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py31-django | < 1.1.1 | UNKNOWN |
FreeBSD | any | noarch | py23-django-devel | < 11603,1 | UNKNOWN |
FreeBSD | any | noarch | py24-django-devel | < 11603,1 | UNKNOWN |
FreeBSD | any | noarch | py25-django-devel | < 11603,1 | UNKNOWN |
FreeBSD | any | noarch | py26-django-devel | < 11603,1 | UNKNOWN |
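
One way to check an installed-package listing against the affected ranges in the table above. This is an added example, not code from the FreeBSD or Django projects. It assumes `name-version description` lines and uses a simplified comparison for purely numeric `version[_revision][,epoch]` strings; the sample lines are constructed.

```python
import re

# Affected ranges copied from the table above: (package-name pattern, first fixed version).
AFFECTED = [
    (re.compile(r"^py(23|24|25|26|30|31)-django$"), "1.1.1"),
    (re.compile(r"^py(23|24|25|26)-django-devel$"), "11603,1"),
]

def version_key(version):
    """Sort key for 'version[_revision][,epoch]' (simplified, numeric parts only)."""
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    parts = tuple(int(p) for p in version.split("."))
    # Epoch compares first, then the dotted version, then the port revision.
    return (int(epoch or 0), parts, int(revision or 0))

def is_affected(pkg):
    """True if 'name-version' falls inside one of the affected ranges."""
    name, _, version = pkg.rpartition("-")
    for pattern, fixed in AFFECTED:
        if pattern.match(name):
            try:
                return version_key(version) < version_key(fixed)
            except ValueError:
                # Non-numeric version component: report it for manual review.
                return True
    return False

def affected_packages(lines):
    """Return the package strings (first column of each line) that are affected."""
    pkgs = (line.split()[0] for line in lines if line.strip())
    return [p for p in pkgs if is_affected(p)]

# Constructed sample of installed-package lines (not real host output).
SAMPLE = """\
py26-django-1.1 High-level Python Web framework
py26-django-1.1.1 High-level Python Web framework
py25-django-devel-11500,1 High-level Python Web framework (development)
py26-django-devel-11603,1 High-level Python Web framework (development)
python26-2.6.2_3 An interpreted object-oriented programming language
""".splitlines()

if __name__ == "__main__":
    for pkg in affected_packages(SAMPLE):
        print("AFFECTED:", pkg)
```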