CVE-2009-3695

Django's Insufficient Algorithmic Complexity Causes Denial of Service in pypi/Django

Identifiers

GHSA-p6m5-h7pp-v2x5, CVE-2009-3695

Package Slug

pypi/Django

Vulnerability

Django's Insufficient Algorithmic Complexity Causes Denial of Service

Description

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.

Affected Versions

All versions from 1.0 up to but not including 1.0.4, and all versions from 1.1 up to but not including 1.1.1

Solution

Upgrade to versions 1.0.4, 1.1.1 or above.
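
A check for the affected ranges and fixed releases listed above, as an added example that is not part of the advisory or of Django: it scans a requirements file for exact `Django==` pins and reports the release to upgrade to. The function names and the sample file are constructed for illustration, and only exact numeric pins are handled.

```python
import re

# Affected ranges from this advisory as (first affected, first fixed):
# 1.0 up to but not including 1.0.4, and 1.1 up to but not including 1.1.1.
AFFECTED = [((1, 0, 0), (1, 0, 4)), ((1, 1, 0), (1, 1, 1))]

# Exact pins such as "Django==1.0.2"; PyPI names are case-insensitive.
PIN = re.compile(r"^\s*django\s*==\s*(\d+(?:\.\d+)*)\s*(?:[;#].*)?$", re.IGNORECASE)


def parse_version(text):
    """Turn '1.1' into (1, 1, 0) so tuples compare component by component."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def fixed_release(version):
    """Return the fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def scan_requirements(text):
    """Return (line number, pinned version, fixed release) for affected pins."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PIN.match(line)
        if match and fixed_release(match.group(1)):
            findings.append((number, match.group(1), fixed_release(match.group(1))))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
Django==1.0.2
django == 1.1   # legacy service
Django==1.1.1
Django==1.0.4
simplejson==2.0.9
"""

if __name__ == "__main__":
    for number, version, fix in scan_requirements(SAMPLE):
        print(f"line {number}: Django {version} is affected, upgrade to {fix} or above")
```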

Last Modified

2024-02-09
