CVE-2013-0306 – Django: Formset denial-of-service

https://notcve.org/view.php?id=CVE-2013-0306

02 May 2013 — The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. Vulnerabilidad sin especificar en el formulario "library" en Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, v1.5 antes de release candidate v2 permite a atacantes remotos evitar las restricciones de los recursos y causar... • http://rhn.redhat.com/errata/RHSA-2013-0670.html • CWE-189: Numeric Errors •