Lucene search

Veracode Vulnerability DatabaseVERACODE:30300

HistoryApr 30, 2021 - 4:45 a.m.

Denial Of Service (DoS)

2021-04-3004:45:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

django-filters is vulnerable to denial of service. An attacker is able to cause an application crash by submitting malicious input using exponential format with large exponents.

CPENameOperatorVersion
django-filterle2.3.0
django-filterle2.3.0

CPE	Name	Operator	Version
	django-filter	le	2.3.0
	django-filter	le	2.3.0

References

github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b

github.com/carltongibson/django-filter/pull/1272

github.com/carltongibson/django-filter/releases/tag/2.4.0

github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973

lists.fedoraproject.org/archives/list/[email protected]/message/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/

lists.fedoraproject.org/archives/list/[email protected]/message/FAT2ZAEF6DM3VFSOHKB7X3ASSHGQHJAK/

pypi.org/project/django-filter/

security.netapp.com/advisory/ntap-20210604-0010/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Related for VERACODE:30300