Описание
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.1-1 |
| hardy | ignored | end of life |
| lucid | released | 1.1.1-2ubuntu1.5 |
| natty | released | 1.2.5-1ubuntu1.2 |
| oneiric | released | 1.3-2ubuntu1.3 |
| precise | released | 1.3.1-4ubuntu1.2 |
| upstream | released | 1.3.2,1.4.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
The django.forms.ImageField class in the form system in Django before ...
Django Image Field Vulnerable to Image Decompression Bombs
EPSS
5 Medium
CVSS2