Djangoproject: >> Django >> 1.3.1 Security Vulnerabilities
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
CVSS Score
5.0
EPSS Score
0.006
Published
2013-05-02
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
CVSS Score
6.4
EPSS Score
0.044
Published
2012-11-18
Page 3