PYSEC-2013-17 — Vulnetix

PYSEC-2013-17 PUBLISHED CVSS 9.300000190734863 CRITICAL

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	django	1.4, 1.3.1, 1.3.3

Timeline

May 2, 2013 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://www.djangoproject.com/weblog/2013/feb/19/security/ article
http://rhn.redhat.com/errata/RHSA-2013-0670.html advisory
http://www.debian.org/security/2013/dsa-2634 advisory
http://ubuntu.com/usn/usn-1757-1 advisory

Open in Interactive Console →