Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Published

2013-05-02T14:55:05.277

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-189
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application djangoproject django 1.3 Yes
Application djangoproject django 1.3 Yes
Application djangoproject django 1.3 Yes
Application djangoproject django 1.3.1 Yes
Application djangoproject django 1.3.2 Yes
Application djangoproject django 1.3.3 Yes
Application djangoproject django 1.4 Yes
Application djangoproject django 1.4 Yes
Application djangoproject django 1.4 Yes
Application djangoproject django 1.4.1 Yes
Application djangoproject django 1.4.2 Yes
Application djangoproject django 1.5 Yes
Application djangoproject django 1.5 Yes
Operating System canonical ubuntu_linux 10.04 Yes
Operating System canonical ubuntu_linux 11.10 Yes
Operating System canonical ubuntu_linux 12.04 Yes
Operating System canonical ubuntu_linux 12.10 Yes
References