Package: python-django
Version: Django 2.2, 1.11
Severity: normal

CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() -- used by contrib.admin as well as the 
the floatformat, filesizeformat, and intcomma templates filters -- received a 
Decimal with a large number of digits or a large exponent, it could lead to 
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using 
scientific notation.

Thanks Sjoerd Job Postmus for reporting this issue.
Affected supported versions

    Django master branch
    Django 2.2 (which will be released in a separate blog post later today)
    Django 2.1
    Django 2.0
    Django 1.11

Per our supported versions policy, Django 1.10 and older are no longer 



Reply via email to