CVE-2019-6975

Description

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

References

Link	Tags
https://www.djangoproject.com/weblog/2019/feb/11/security-releases/	patch vendor advisory
https://docs.djangoproject.com/en/dev/releases/security/	patch vendor advisory
http://www.securityfocus.com/bid/106964	third party advisory vdb entry
https://usn.ubuntu.com/3890-1/	third party advisory vendor advisory
https://www.openwall.com/lists/oss-security/2019/02/11/1	patch mailing list third party advisory
https://groups.google.com/forum/#%21topic/django-announce/WTwEAprR0IQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/	vendor advisory
https://www.debian.org/security/2019/dsa-4476	vendor advisory
https://seclists.org/bugtraq/2019/Jul/10	mailing list

Frequently Asked Questions

What is the severity of CVE-2019-6975?: CVE-2019-6975 has been scored as a high severity vulnerability.
How to fix CVE-2019-6975?: To fix CVE-2019-6975, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-6975 being actively exploited in the wild?: It is possible that CVE-2019-6975 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~6% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-770 – Allocation of Resources Without Limits or Throttling

References

Frequently Asked Questions