Django DoS in django.views.static.serve
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Mar 7, 2024
Package
Affected versions
< 1.4.18
>= 1.6.0, < 1.6.10
>= 1.7.0, < 1.7.3
Patched versions
1.4.18
1.6.10
1.7.3
Description
Published by the National Vulnerability Database
Jan 16, 2015
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 3, 2023
Last updated
Mar 7, 2024
The
django.views.static.serve
view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.References