Django File Upload Handling Vulnerability Affects Multiple Versions
CVE-2014-0481

Currently unrated

Key Information:

CVE Published: 26 August 2014

What is CVE-2014-0481?

The file upload system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 generates file names sequentially. When multiple files are uploaded with the same name, this can cause a denial of service through excessive CPU consumption. Attackers can exploit the flaw to overload the server, degrading availability and performance.
