CVE-2019-6975 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows uncontrolled memory consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. If the affected numberformat function as used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters receives a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-882	python2-django	1.11.18-1	1.11.19-1	Medium	Fixed
AVG-881	python-django	2.1.5-1	2.1.6-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Feb 2019	ASA-201902-15	AVG-882	python2-django	Medium	denial of service
12 Feb 2019	ASA-201902-14	AVG-881	python-django	Medium	denial of service

References
https://www.djangoproject.com/weblog/2019/feb/11/security-releases/ https://www.openwall.com/lists/oss-security/2019/02/11/1 https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3

References

https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
https://www.openwall.com/lists/oss-security/2019/02/11/1
https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3