CVE-2013-0306
Description
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.363
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.3.6 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.4.4 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.3.6 | Linux |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.4.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234