Lucene search
K

4 matches found

OSV
OSV
added 2026/04/07 2:22 p.m.2 views

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS7AI score0.00769EPSS
Exploits0References7
PyPA
PyPA
added 2024/12/06 12:15 p.m.9 views

PYSEC-2024-156

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS6.8AI score0.01398EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/02/11 1:29 p.m.1 views

DEBIAN-CVE-2019-6975

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

7.5CVSS5.1AI score0.05399EPSS
Exploits0References1
OSV
OSV
added 2017/09/07 1:29 p.m.1 views

DEBIAN-CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References1
Rows per page
Query Builder