CVE-2020-15225
- Source
- https://cve.org/CVERecord?id=CVE-2020-15225
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15225.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-15225
- Aliases
- Downstream
- Related
- Published
- 2021-04-29T21:15:08.490Z
- Modified
- 2026-02-16T07:39:48.296470Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated
NumberFilterinstances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies aMaxValueValidatorwith a a defaultlimit_valueof 1e50 to the form field used byNumberFilterinstances. In addition,NumberFilterimplements the newget_max_validator()which should return a configured validator instance to customise the limit, or elseNoneto disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. - References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAT2ZAEF6DM3VFSOHKB7X3ASSHGQHJAK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVJ7AYU6FUSU3F653YCGW5LFD3IULRSX/
- https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
- https://github.com/carltongibson/django-filter/releases/tag/2.4.0
- https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
- https://pypi.org/project/django-filter/
- https://security.netapp.com/advisory/ntap-20210604-0010/
- https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
- https://pypi.org/project/django-filter/
Affected packages
Git / gitlab.gnome.org/GNOME/glib
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/glib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
FOR_GNOME_0_99_1
GLIB_1_1_0
GLIB_1_1_1
GLIB_1_1_10
GLIB_1_1_11
GLIB_1_1_12
GLIB_1_1_13
GLIB_1_1_14
GLIB_1_1_15
GLIB_1_1_16
GLIB_1_1_2
GLIB_1_1_3
GLIB_1_1_3a
GLIB_1_1_4
GLIB_1_1_5
GLIB_1_1_6
GLIB_1_1_7
GLIB_1_1_8
GLIB_1_1_8a
GLIB_1_1_9
GLIB_1_2_0
GLIB_1_2_9PRE1
GLIB_1_3_0
GLIB_1_3_1
GLIB_1_3_10
GLIB_1_3_11
GLIB_1_3_12
GLIB_1_3_13
GLIB_1_3_14
GLIB_1_3_15
GLIB_1_3_2
GLIB_1_3_3
GLIB_1_3_4
GLIB_1_3_5
GLIB_1_3_6
GLIB_1_3_7
GLIB_1_3_8
GLIB_1_3_9
GLIB_2_0_0
GLIB_2_0_0_RC1
GLIB_2_0_1
GLIB_2_1_3
GLIB_2_1_4
GLIB_2_1_5
GLIB_2_2_0
GLIB_2_3_0
GLIB_2_3_1
GLIB_2_3_2
GLIB_2_3_3
GLIB_2_3_5
GLIB_2_3_6
GLIB_GNOME_0_99_1
GLIB_VERSION_1_1_3
GNOME_PRINT_0_24
GOBJECT_GType_guint
GTK_ALL_1_3_6
PRE_CLEANUP
R_2_0_core
glib-2-0-branchpoint
glib-2-2-branchpoint
start