Django File Upload Handling Vulnerability Affects Multiple Versions
CVE-2014-0481

Currently unrated

Key Information:

Vendor

Opensuse Project

Status
Opensuse
Vendor
CVE Published:
26 August 2014

What is CVE-2014-0481?

The file upload system in Django prior to version 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before the release candidate 3, is susceptible to a vulnerability that relies on the sequential generation of file names. This configuration creates a scenario where multiple files can be uploaded with the same name, leading to potential denial of service through excessive CPU consumption. Attackers can exploit this flaw to overload the server, impacting availability and performance.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.djangoproject.com/weblog/2014/aug/20/security/
x_refsource_CONFIRM
http://secunia.com/advisories/61276
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61281
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.