CVE-2019-6975

Published: 11 February 2019

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: python-django

Release                           Status
Upstream                          Released (1.11.19)
Ubuntu 18.04 LTS (Bionic Beaver)  Released (1:1.11.11-1ubuntu1.3)
Ubuntu 16.04 ESM (Xenial Xerus)   Released (1.8.7-1ubuntu5.8)
Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable (code not present)
Patches:
Upstream: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)