Miggo Logo
Miggo Vulnerability Database
CVE-2015-0222

CVE-2015-0222: Django database denial-of-service with ModelMultipleChoiceField

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2015-0222
GHSA ID
GHSA-6g95-x6cj-mg4v
EPSS Score
0.88713%
CWE
CWE-770
Published
5/17/2022
Updated
9/18/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Djangopip>= 1.6, < 1.6.101.6.10
Djangopip>= 1.7, < 1.7.31.7.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from duplicate value handling in ModelMultipleChoiceField validation. The pre-patch code in clean() and to_python() methods processed each submitted value individually, including duplicates. The GitHub commit shows these methods were modified to call a new _check_values() method that deduplicates inputs using frozenset(). The lack of deduplication in the original implementations directly enabled the SQL query amplification attack described in CVE-2015-0222. The file path and function names are explicitly shown in the commit diff, and the vulnerability documentation specifically references ModelMultipleChoiceField validation logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Mo**lMultipl***oi***i*l* in *j*n*o *.*.x ***or* *.*.** *n* *.*.x ***or* *.*.*, w**n s*ow_*i***n_initi*l is s*t to Tru*, *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** *y su*mittin* *upli**t* v*lu*s, w*i** tri***rs * l*r** num**r o* SQL qu*ri*s.

Reasoning

T** vuln*r**ility st*ms *rom *upli**t* v*lu* **n*lin* in Mo**lMultipl***oi***i*l* v*li**tion. T** pr*-p*t** *o** in *l**n() *n* to_pyt*on() m*t*o*s pro**ss** **** su*mitt** v*lu* in*ivi*u*lly, in*lu*in* *upli**t*s. T** *it*u* *ommit s*ows t**s* m*t*o