FreeBSD : django -- denial-of-service attack (87917d6f-ba76-11de-bac2-001a4d563a0f)
Medium Nessus Plugin ID 42170
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Django project reports:
Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs.
Certain addresses/URLs could trigger a pathological performance case in these regular expressions, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.
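The class of problem described above, as an added Python example that is not Django's code and does not reproduce Django's patterns: a constructed hostname validator whose nested repetition backtracks exponentially on a non-matching input, next to a hardened form that bounds the input length and uses a pattern with only one way to parse each label. The pattern names, `validate_domain`, the sample inputs and the 253-character cap are assumptions made for this illustration.

```python
import re
import time

# Constructed pattern, NOT Django's. The optional dot lets the inner "+" and
# the outer "+" divide one run of label characters in exponentially many ways,
# and a failing input forces the engine to try all of them.
AMBIGUOUS = re.compile(r"^(?:[a-z0-9-]+\.?)+$")

# Hardened form: the dot between labels is mandatory, so each input has a
# single possible parse and a failing match backtracks only linearly.
UNAMBIGUOUS = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)*$")

# Assumed cap for this example (maximum textual length of a DNS name).
MAX_DOMAIN_LEN = 253


def validate_domain(value: str) -> bool:
    """Bound the input first, then apply the unambiguous pattern."""
    if len(value) > MAX_DOMAIN_LEN:
        return False
    return UNAMBIGUOUS.match(value.lower()) is not None


def match_seconds(pattern: re.Pattern, value: str) -> float:
    """Wall-clock time for a single match attempt."""
    start = time.perf_counter()
    pattern.match(value)
    return time.perf_counter() - start


def growth(pattern: re.Pattern, short_n: int = 9, long_n: int = 18) -> float:
    """Time ratio between two failing inputs of the form 'a' * n + '!'."""
    short = match_seconds(pattern, "a" * short_n + "!")
    long_ = match_seconds(pattern, "a" * long_n + "!")
    return long_ / max(short, 1e-9)


if __name__ == "__main__":
    # Doubling the input length multiplies the ambiguous pattern's work by
    # hundreds; the unambiguous pattern stays roughly proportional to length.
    print("ambiguous growth   x%.0f" % growth(AMBIGUOUS))
    print("unambiguous growth x%.1f" % growth(UNAMBIGUOUS))
    print("validate_domain('example.org') ->", validate_domain("example.org"))
```

The length cap matters even with the safer pattern: it keeps the cost of validation bounded no matter what pattern a later change introduces.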
Solution
Update the affected packages.