Django File Upload Handling Vulnerability Affects Multiple Versions
CVE-2014-0481
Currently unrated
What is CVE-2014-0481?
The file upload system in Django prior to version 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 is affected by a vulnerability rooted in the sequential generation of file names. With this configuration, uploading multiple files with the same name can lead to a denial of service through excessive CPU consumption. Attackers can exploit this flaw to overload the server, degrading availability and performance.
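The cost of sequential naming can be seen in a small model. This is an added example, not Django's own code: `CountingStore`, the function names and the file name `report.pdf` are hypothetical, and the random-suffix function models the scheme Django's fixed releases switched to. It counts how many existence checks each scheme needs when every upload carries the same name.

```python
import os
import random
import string

class CountingStore:
    """In-memory stand-in for a storage backend that counts exists() calls."""
    def __init__(self):
        self.names = set()
        self.exists_calls = 0

    def exists(self, name):
        self.exists_calls += 1  # each call models one stat() on real storage
        return name in self.names

def sequential_name(store, name):
    """Pre-fix style: probe name, name_1, name_2, ... until one is free."""
    root, ext = os.path.splitext(name)
    candidate, n = name, 0
    while store.exists(candidate):
        n += 1
        candidate = f"{root}_{n}{ext}"
    return candidate

def random_suffix_name(store, name, rng):
    """Mitigated style: on conflict, append a random 7-character suffix."""
    root, ext = os.path.splitext(name)
    alphabet = string.ascii_lowercase + string.digits
    candidate = name
    while store.exists(candidate):
        suffix = "".join(rng.choice(alphabet) for _ in range(7))
        candidate = f"{root}_{suffix}{ext}"
    return candidate

def total_probes(strategy, uploads, name="report.pdf"):
    """Store `uploads` files sharing one constructed name; return exists() calls."""
    store = CountingStore()
    for _ in range(uploads):
        store.names.add(strategy(store, name))
    return store.exists_calls

def compare(uploads=500):
    """Return (sequential probes, random-suffix probes) for the same workload."""
    rng = random.Random(0)  # fixed seed so this constructed run is repeatable
    seq = total_probes(sequential_name, uploads)
    rnd = total_probes(lambda s, n: random_suffix_name(s, n, rng), uploads)
    return seq, rnd
```

With sequential names the n-th conflicting upload costs n checks, so the total grows quadratically, while the random suffix keeps each upload at roughly two checks regardless of how many duplicates already exist.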
