CVE-2014-0481
Published: 26 August 2014
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
lucid |
Released
(1.1.1-2ubuntu1.13)
|
precise |
Released
(1.3.1-4ubuntu1.12)
|
|
trusty |
Released
(1.6.1-2ubuntu0.4)
|
|
upstream |
Released
(1.6.6-1)
|
|
Patches: upstream: https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41 upstream: https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1 |