CVE-2010-4535: Improper date handling in Django

CVSS Score: 7.5 (CVSS v3.1)

Basic Information
CVE ID: CVE-2010-4535
GHSA ID:
EPSS Score: 0.88931%
CWE:
Published: 7/23/2018
Updated: 9/17/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
---|---|---|---
Django | pip | < 1.1.3 | 1.1.3
Django | pip | >= 1.2, < 1.2.4 | 1.2.4
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
Two defects combine to produce the denial of service: (1) base36_to_int in django/utils/http.py performed no input validation, so an attacker-supplied string of any length was passed straight to int(s, 36), yielding an arbitrarily large integer and a correspondingly expensive conversion; and (2) the password-reset confirm route in django/contrib/auth/urls.py captured the uidb36 parameter with an unbounded character class, so an over-long value reached that function from an unauthenticated request. The fix commit addresses both: the uidb36 group in urls.py is limited to 13 base36 digits (enough to encode any 64-bit integer), and base36_to_int raises ValueError for longer input. The CVE description frames the flaw as unvalidated base36 timestamp handling; the URL parameter is in fact the base36-encoded user id, but the same helper also decodes the base36 timestamp embedded in the reset token, so the length check in base36_to_int covers both callers.
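As an added worked example (written for this page; not Django's source and not part of the original advisory), the following Python re-implements the two code paths the analysis describes: a base36 decoder with and without the 13-digit bound, and the reset-confirm URL pattern before and after tightening. The regular expressions and the 13-digit limit are modelled on the described fix; the `_vulnerable`/`_hardened` suffixes, the `resolve_uid` dispatcher and the sample URLs are constructed for this illustration.

```python
import re

# Added example: a re-implementation of the two code paths the root-cause
# analysis describes. This is NOT Django's source; the names other than
# base36_to_int / int_to_base36 / uidb36 are invented for the illustration.

BASE36_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"

# 36**13 > 2**64, so 13 base36 digits are enough for any 64-bit primary key.
MAX_BASE36_DIGITS = 13


def int_to_base36(i: int) -> str:
    """Encode a non-negative int as lowercase base36 (the uidb36 wire format)."""
    if i < 0:
        raise ValueError("negative values are not supported")
    if i < 36:
        return BASE36_ALPHABET[i]
    digits = []
    while i:
        i, rem = divmod(i, 36)
        digits.append(BASE36_ALPHABET[rem])
    return "".join(reversed(digits))


def base36_to_int_vulnerable(s: str) -> int:
    """Pre-fix shape: the attacker-controlled string goes straight to int(),
    so its length, and therefore the size of the resulting integer and the
    work done on it downstream, is unbounded."""
    return int(s, 36)


def base36_to_int_hardened(s: str) -> int:
    """Post-fix shape: reject over-long input before any conversion happens."""
    if len(s) > MAX_BASE36_DIGITS:
        raise ValueError("Base36 input too large")
    return int(s, 36)


# Reset-confirm routes modelled on the described regex tightening.
# Only the uidb36 group changes: an unbounded '+' becomes '{1,13}'.
RESET_URL_VULNERABLE = re.compile(r"^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$")
RESET_URL_HARDENED = re.compile(r"^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>.+)/$")


def resolve_uid(path: str, hardened: bool):
    """Hypothetical dispatcher: route the path, decode uidb36 and return the
    user id, or None where the real application would answer 404 / 'invalid link'."""
    pattern = RESET_URL_HARDENED if hardened else RESET_URL_VULNERABLE
    decode = base36_to_int_hardened if hardened else base36_to_int_vulnerable
    match = pattern.match(path)
    if match is None:
        return None
    try:
        return decode(match.group("uidb36"))
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed inputs: a normal link and an abusive one with a 4000-digit uid.
    good = "reset/1d-3ab-1234567890abcdef/"
    hostile = "reset/" + "z" * 4000 + "-3ab-1234567890abcdef/"

    print("legit uid, hardened:", resolve_uid(good, hardened=True))
    big = resolve_uid(hostile, hardened=False)
    print("hostile uid, vulnerable: integer of", big.bit_length(), "bits")
    print("hostile uid, hardened:", resolve_uid(hostile, hardened=True))
    print("64-bit max encodes to", len(int_to_base36(2**64 - 1)), "base36 digits")
```

Note that the hostile sample is kept at 4000 digits on purpose: CPython 3.11 and later cap string-to-int conversion for non-power-of-two bases at 4300 digits by default and raise ValueError beyond that, a backstop that did not exist for the interpreters the affected Django versions ran on. The application-level bound is still the right fix, because the check belongs at the trust boundary where the URL is parsed rather than in the interpreter's defaults.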