CVE-2014-0481: Django denial of service via file upload naming
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.80167%
CWE
Published
5/14/2022
Updated
9/18/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
django | pip | < 1.4.14 | 1.4.14 |
django | pip | >= 1.6, < 1.6.6 | 1.6.6 |
Django | pip | >= 1.5, < 1.5.9 | 1.5.9 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the filename conflict resolution algorithm in get_available_name(). The commit diff shows replacement of itertools.count() with get_random_string(), explicitly addressing the O(n) algorithm. Documentation changes and CVE description confirm this was the attack vector. No other functions show direct involvement in the vulnerable pattern.