[3.6] py-django: memory exhaustion in django.utils.numberformat.format() (CVE-2019-6975) | ID: oval:org.secpod.oval:def:1801338 | Date: (C)2019-06-06 (M)2023-11-10 |
Class: PATCH | Family: unix |
A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters, received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to "{:f}".format. To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
Platform: |
Alpine Linux 3.6 |