CVE-2015-5145

Aliases:GHSA-cqf7-ff9h-7967PYSEC-2015-21
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 14 Jul 2015, 17:00
Last modified:06 Aug 2024, 06:32

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
0.79% LOW
1% probability -0.65%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Jul 2015, 17:00
Published
Vulnerability first disclosed
06 Aug 2024, 06:32
Last Modified
Vulnerability information updated

Description

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS Metrics

  • v4.0HIGHScore: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0HIGHScore: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.79% Percentile: 74%

Techniques & Countermeasures

  • CWE-399Resource Management Errors

    Weaknesses in this category are related to improper management of system resources.

Affected Systems

  • djangoprojectdjango

    1.8.0 | 1.8.1 | 1.8.2

  • PyPIdjango

    ≥ 1.8a1, < 1.8.3 | ≥ 1.8, < 1.8.3

References (12)