Django DoS in django.views.static.serve

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Mar 7, 2024

Package

django (pip)

Affected versions

< 1.4.18
>= 1.6.0, < 1.6.10
>= 1.7.0, < 1.7.3

Patched versions

1.4.18
1.6.10
1.7.3

Description

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
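The difference between line-at-a-time reads and fixed-size reads, as an added example that is not Django's code or its patch: iterating a file by line makes the largest in-memory piece as big as the longest line, while sized `read()` calls keep it bounded. `CHUNK_SIZE`, the function names and the sample data are assumptions constructed for this illustration.

```python
import io

CHUNK_SIZE = 64 * 1024  # assumed for this example; not a value taken from the advisory


def iter_by_line(fileobj):
    """Line-at-a-time pattern: iterating a file object yields one whole line per step."""
    for line in fileobj:
        yield line


def iter_by_chunk(fileobj, chunk_size=CHUNK_SIZE):
    """Bounded pattern: read(size) never returns more than chunk_size bytes."""
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            return
        yield chunk


def stream_profile(data, strategy):
    """Return (pieces, largest_piece_bytes, total_bytes) for one pass over data."""
    pieces = largest = total = 0
    for piece in strategy(io.BytesIO(data)):
        pieces += 1
        largest = max(largest, len(piece))
        total += len(piece)
    return pieces, largest, total


def constructed_sample(long_line_bytes=8 * 1024 * 1024):
    """Constructed input: two short lines around one very long line."""
    return b"/* header */\n" + b"a" * long_line_bytes + b"\n/* footer */\n"


if __name__ == "__main__":
    sample = constructed_sample()
    for name, strategy in (("line", iter_by_line), ("chunk", iter_by_chunk)):
        pieces, largest, total = stream_profile(sample, strategy)
        print(f"{name:5} pieces={pieces:4} largest={largest:>9} total={total}")
```

With line iteration the largest piece grows with the file's longest line; with chunked reads it stays at `CHUNK_SIZE` regardless of file content.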

References

Published by the National Vulnerability Database Jan 16, 2015
Published to the GitHub Advisory Database May 17, 2022
Reviewed Aug 3, 2023
Last updated Mar 7, 2024

Severity

Moderate

CVE ID

CVE-2015-0221

GHSA ID

GHSA-jhjg-w2cp-5j44
