2019-02-11 14:29:00 2019-07-06 13:15:10

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Djangoproject Django 2.0.8 (not an official CPE)
Djangoproject Django 2.0.9 (not an official CPE)
Djangoproject Django 2.0.7 (not an official CPE)
Djangoproject Django 2.0.6 (not an official CPE)
Djangoproject Django 2.0.5 (not an official CPE)
Djangoproject Django 2.0.4 (not an official CPE)
Djangoproject Django 2.0.3 (not an official CPE)
Djangoproject Django 2.0.2 (not an official CPE)
Djangoproject Django 2.0.1 (not an official CPE)
Djangoproject Django 1.11.18 (not an official CPE)
Djangoproject Django 1.11.17 (not an official CPE)
Djangoproject Django 1.11.16 (not an official CPE)
Djangoproject Django 1.11.15 (not an official CPE)
Djangoproject Django 1.11.14 (not an official CPE)
Djangoproject Django 1.11.13 (not an official CPE)
Djangoproject Django 1.11.12 (not an official CPE)
Djangoproject Django 1.11.11 (not an official CPE)
Djangoproject Django 1.11.10 (not an official CPE)
Djangoproject Django 1.11.9 (not an official CPE)
Djangoproject Django 1.11.8 (not an official CPE)
Djangoproject Django 1.11.7 (not an official CPE)
Djangoproject Django 1.11.6 (not an official CPE)
Djangoproject Django 1.11.5 (not an official CPE)
Djangoproject Django 1.11.4 (not an official CPE)
Djangoproject Django 1.11.2 (not an official CPE)
Djangoproject Django 1.11.3 (not an official CPE)
Djangoproject Django 1.11.1 (not an official CPE)
Djangoproject Django 2.0.10 (not an official CPE)
Djangoproject Django 2.1.1 (not an official CPE)
Djangoproject Django 2.1.2 (not an official CPE)
Djangoproject Django 2.1.3 (not an official CPE)
Djangoproject Django 2.1.4 (not an official CPE)
Djangoproject Django 2.1.5 (not an official CPE)