High severityOSV Advisory· Published Feb 11, 2019· Updated Aug 4, 2024

CVE-2019-6975

Description

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Django versions before 1.11.19, 2.0.11, and 2.1.6 allow denial of service via uncontrolled memory consumption in the numberformat.format() function.

Vulnerability

Django versions 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 contain a flaw in the django.utils.numberformat.format() function that allows uncontrolled memory consumption when processing a maliciously crafted value [2][4]. The function does not properly limit resource allocation, leading to excessive memory usage.

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted value to any application endpoint that uses the format() function from django.utils.numberformat. No authentication is required if the endpoint is publicly accessible; the attacker only needs the ability to supply input to the vulnerable function [2][3].

Impact

Successful exploitation results in uncontrolled memory consumption, causing a denial of service (DoS) condition. The application may become unresponsive or crash due to memory exhaustion [2][3].

Mitigation

The issue is fixed in Django 1.11.19, 2.0.11, and 2.1.6 [3]. Users should upgrade to these or later versions. No workaround is available; upgrading is the recommended mitigation [3].

References

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DjangoPyPI	>= 1.11, < 1.11.19	1.11.19
DjangoPyPI	>= 2.0, < 2.0.11	2.0.11
DjangoPyPI	>= 2.1, < 2.1.6	2.1.6

Affected products

354

Djangoproject/DjangoOSV
Range: 1.0, 1.1, 1.11, …
ghsa-coords353 versions
pkg:pypi/django pkg:rpm/opensuse/python-Django4&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/python-Django6&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/python-Django&distro=openSUSE%20Tumbleweed pkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-cassandra&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cassandra&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-cluster&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cluster&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-cobbler&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-db&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-db&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-freezer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-freezer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-horizon&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-horizon&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-input-model&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-logging&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-logging&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-magnum&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-magnum&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-memcached&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-memcached&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-monasca-transform&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-monasca-transform&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-mq&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-opsconsole&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-opsconsole&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-opsconsole-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-opsconsole-ui-hpe&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-osconfig&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-service-ansible&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-service-ansible&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-service&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-service&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-ses&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-ses&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-spark&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-swift&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-swift&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-tempest&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-tls&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-tls&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/crowbar-core-branding-SOC&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-aodh-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-barbican-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ceilometer-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-dashboard&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-dashboard-theme-SUSE&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-dashboard-theme-SUSE&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-designate-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-designate-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-designate-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-gbp&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ironic-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-keystone-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-monasca-agent&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-monasca-api&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-monasca-log-api&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-log-api&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-log-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-gbp&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-trove&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-trove&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-trove-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-trove-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-trove-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-ardana-configurationprocessor&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-ardana-configurationprocessor&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-cinderlm&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-cinderlm&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-cliff&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-cliff&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-cliff&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-freezerclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-freezerclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-freezerclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-ironicclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-ironicclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-ironicclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-magnumclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-magnumclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-magnumclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-manilaclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-manilaclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-manilaclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-muranoclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-muranoclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-muranoclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-novaclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-novaclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-novaclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-openstackclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-openstackclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-openstackclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-os-brick&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-os-client-config&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-os-client-config&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-os-client-config&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.cache&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.cache&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.cache&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.concurrency&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.concurrency&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.concurrency&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.config&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.config&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.config&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.i18n&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.i18n&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.i18n&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.log&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.log&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.log&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.messaging&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.middleware&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.middleware&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.middleware&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.policy&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.policy&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.policy&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.privsep&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.privsep&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.privsep&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.reports&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.reports&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.reports&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslotest&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslotest&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslotest&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.utils&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.versionedobjects&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.versionedobjects&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.versionedobjects&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.vmware&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.vmware&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.vmware&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-os-vif&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-os-vif&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-os-vif&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-os-win&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-os-win&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-os-win&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-python-subunit&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-python-subunit&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-python-subunit&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-saharaclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-saharaclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-saharaclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-swiftclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-swiftclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-swiftclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-zaqarclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-zaqarclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-zaqarclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/supportutils-plugin-suse-openstack-cloud&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/supportutils-plugin-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/supportutils-plugin-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
>= 1.11, < 1.11.19+ 352 more
- (no CPE)range: >= 1.11, < 1.11.19
- (no CPE)range: < 4.2.14-1.1
- (no CPE)range: < 6.0-1.1
- (no CPE)range: < 3.2.7-2.3
- (no CPE)range: < 8.0+git.1553878455.7439e04-3.61.1
- (no CPE)range: < 8.0+git.1553878455.7439e04-3.61.1
- (no CPE)range: < 8.0+git.1534266594.8136db7-4.30.1
- (no CPE)range: < 8.0+git.1534266594.8136db7-4.30.1
- (no CPE)range: < 8.0+git.1534266612.44dcb20-3.12.1
- (no CPE)range: < 8.0+git.1534266612.44dcb20-3.12.1
- (no CPE)range: < 8.0+git.1534266629.0bb5d54-3.9.1
- (no CPE)range: < 8.0+git.1534266629.0bb5d54-3.9.1
- (no CPE)range: < 8.0+git.1558619942.6bd075c-3.36.1
- (no CPE)range: < 8.0+git.1558619942.6bd075c-3.36.1
- (no CPE)range: < 8.0+git.1534266734.ec4822f-3.33.1
- (no CPE)range: < 8.0+git.1534266734.ec4822f-3.33.1
- (no CPE)range: < 8.0+git.1550694449.df88054-3.38.1
- (no CPE)range: < 8.0+git.1550694449.df88054-3.38.1
- (no CPE)range: < 8.0+git.1555341117.d812d88-3.25.1
- (no CPE)range: < 8.0+git.1555341117.d812d88-3.25.1
- (no CPE)range: < 8.0+git.1558636763.f7f09ca-3.14.1
- (no CPE)range: < 8.0+git.1558636763.f7f09ca-3.14.1
- (no CPE)range: < 8.0+git.1534266805.c9ea29b-3.15.1
- (no CPE)range: < 8.0+git.1534266805.c9ea29b-3.15.1
- (no CPE)range: < 8.0+git.1555450219.97789ac-3.11.1
- (no CPE)range: < 8.0+git.1555450219.97789ac-3.11.1
- (no CPE)range: < 8.0+git.1555450207.a7d3bfe-3.12.1
- (no CPE)range: < 8.0+git.1555450207.a7d3bfe-3.12.1
- (no CPE)range: < 8.0+git.1554732431.8f9dd50-3.15.1
- (no CPE)range: < 8.0+git.1554732431.8f9dd50-3.15.1
- (no CPE)range: < 8.0+git.1557418274.fb273dd-3.27.1
- (no CPE)range: < 8.0+git.1557418274.fb273dd-3.27.1
- (no CPE)range: < 8.0+git.1534266893.1d69df7-3.6.1
- (no CPE)range: < 8.0+git.1534266893.1d69df7-3.6.1
- (no CPE)range: < 8.0+git.1554915846.db23473-3.24.1
- (no CPE)range: < 8.0+git.1554915846.db23473-3.24.1
- (no CPE)range: < 8.0+git.1544117621.1c9a954-3.18.1
- (no CPE)range: < 8.0+git.1544117621.1c9a954-3.18.1
- (no CPE)range: < 8.0+git.1555450198.c42dc52-3.6.1
- (no CPE)range: < 8.0+git.1555450198.c42dc52-3.6.1
- (no CPE)range: < 8.0+git.1551748668.7427826-1.18.1
- (no CPE)range: < 8.0+git.1551748668.7427826-1.18.1
- (no CPE)range: < 8.0+git.1534266982.498c352-3.6.1
- (no CPE)range: < 8.0+git.1534266982.498c352-3.6.1
- (no CPE)range: < 8.0+git.1557856965.bde9eb2-3.18.1
- (no CPE)range: < 8.0+git.1557856965.bde9eb2-3.18.1
- (no CPE)range: < 8.0+git.1534267017.4bbecd9-3.9.1
- (no CPE)range: < 8.0+git.1534267017.4bbecd9-3.9.1
- (no CPE)range: < 8.0+git.1549882721.b2e8873-3.13.1
- (no CPE)range: < 8.0+git.1549882721.b2e8873-3.13.1
- (no CPE)range: < 8.0+git.1557523208.81aa1da-3.30.1
- (no CPE)range: < 8.0+git.1557523208.81aa1da-3.30.1
- (no CPE)range: < 8.0+git.1559253853.bb932ea-3.29.1
- (no CPE)range: < 8.0+git.1559253853.bb932ea-3.29.1
- (no CPE)range: < 8.0+git.1557523035.ab44613-3.17.1
- (no CPE)range: < 8.0+git.1557523035.ab44613-3.17.1
- (no CPE)range: < 8.0+git.1534267103.829be13-3.10.1
- (no CPE)range: < 8.0+git.1534267103.829be13-3.10.1
- (no CPE)range: < 8.0+git.1537201508.68c32e6-3.16.1
- (no CPE)range: < 8.0+git.1537201508.68c32e6-3.16.1
- (no CPE)range: < 8.0+git.1557503482.852ec24-3.36.1
- (no CPE)range: < 8.0+git.1557503482.852ec24-3.36.1
- (no CPE)range: < 8.0+git.1544119019.e68516a-3.17.1
- (no CPE)range: < 8.0+git.1544119019.e68516a-3.17.1
- (no CPE)range: < 8.0+git.1551382173.a81d5e1-3.26.1
- (no CPE)range: < 8.0+git.1551382173.a81d5e1-3.26.1
- (no CPE)range: < 8.0+git.1554912320.73ad306-1.20.1
- (no CPE)range: < 8.0+git.1554912320.73ad306-1.20.1
- (no CPE)range: < 8.0+git.1539709555.5b31c25-3.12.1
- (no CPE)range: < 8.0+git.1539709555.5b31c25-3.12.1
- (no CPE)range: < 8.0+git.1551502730.f4d219d-3.27.1
- (no CPE)range: < 8.0+git.1551502730.f4d219d-3.27.1
- (no CPE)range: < 8.0+git.1557761054.b971c8f-3.21.1
- (no CPE)range: < 8.0+git.1557761054.b971c8f-3.21.1
- (no CPE)range: < 8.0+git.1534267264.6b1e899-3.6.1
- (no CPE)range: < 8.0+git.1534267264.6b1e899-3.6.1
- (no CPE)range: < 5.0-10.6.3
- (no CPE)range: < 5.0+git.1558533551.8d8ed2058-3.23.1
- (no CPE)range: < 5.0+git.1559282566.6b06ca3-3.17.1
- (no CPE)range: < 5.0+git.1559335140.62bb4c014-4.25.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 8.20190521-1.17.1
- (no CPE)range: < 5.1.1~dev7-3.11.2
- (no CPE)range: < 5.1.1~dev7-3.11.2
- (no CPE)range: < 5.1.1~dev7-3.11.2
- (no CPE)range: < 5.1.1~dev7-3.11.1
- (no CPE)range: < 5.1.1~dev7-3.11.1
- (no CPE)range: < 5.1.1~dev7-3.11.1
- (no CPE)range: < 5.0.2~dev3-3.14.2
- (no CPE)range: < 5.0.2~dev3-3.14.2
- (no CPE)range: < 5.0.2~dev3-3.14.2
- (no CPE)range: < 5.0.2~dev3-3.14.1
- (no CPE)range: < 5.0.2~dev3-3.14.1
- (no CPE)range: < 5.0.2~dev3-3.14.1
- (no CPE)range: < 9.0.8~dev7-3.12.2
- (no CPE)range: < 9.0.8~dev7-3.12.2
- (no CPE)range: < 9.0.8~dev7-3.12.2
- (no CPE)range: < 9.0.8~dev7-3.12.1
- (no CPE)range: < 9.0.8~dev7-3.12.1
- (no CPE)range: < 9.0.8~dev7-3.12.1
- (no CPE)range: < 11.2.3~dev5-3.15.2
- (no CPE)range: < 11.2.3~dev5-3.15.2
- (no CPE)range: < 11.2.3~dev5-3.15.2
- (no CPE)range: < 11.2.3~dev5-3.15.1
- (no CPE)range: < 11.2.3~dev5-3.15.1
- (no CPE)range: < 11.2.3~dev5-3.15.1
- (no CPE)range: < 12.0.4~dev6-3.20.2
- (no CPE)range: < 12.0.4~dev6-3.20.2
- (no CPE)range: < 12.0.4~dev6-3.20.2
- (no CPE)range: < 2017.2+git.1554906711.9dbe79b-7.11.1
- (no CPE)range: < 2017.2+git.1554906711.9dbe79b-7.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 5.0.3~dev7-3.11.1
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 9.0.8~dev3-3.18.2
- (no CPE)range: < 7.0.1~dev1-3.3.1
- (no CPE)range: < 7.0.1~dev1-3.3.1
- (no CPE)range: < 7.0.1~dev1-3.3.1
- (no CPE)range: < 9.0.1~dev10-3.9.1
- (no CPE)range: < 9.0.1~dev10-3.9.1
- (no CPE)range: < 9.0.1~dev10-3.9.1
- (no CPE)range: < 9.1.8~dev5-3.18.2
- (no CPE)range: < 9.1.8~dev5-3.18.2
- (no CPE)range: < 9.1.8~dev5-3.18.2
- (no CPE)range: < 9.1.8~dev5-3.18.1
- (no CPE)range: < 9.1.8~dev5-3.18.1
- (no CPE)range: < 9.1.8~dev5-3.18.1
- (no CPE)range: < 12.0.4~dev2-5.19.2
- (no CPE)range: < 12.0.4~dev2-5.19.2
- (no CPE)range: < 12.0.4~dev2-5.19.2
- (no CPE)range: < 12.0.4~dev2-5.19.1
- (no CPE)range: < 12.0.4~dev2-5.19.1
- (no CPE)range: < 12.0.4~dev2-5.19.1
- (no CPE)range: < 2.2.5~dev2-3.9.2
- (no CPE)range: < 2.2.5~dev2-3.9.2
- (no CPE)range: < 2.2.5~dev2-3.9.2
- (no CPE)range: < 2.2.1~dev26-3.12.2
- (no CPE)range: < 2.2.1~dev26-3.12.2
- (no CPE)range: < 2.2.1~dev26-3.12.2
- (no CPE)range: < 2.3.1~dev12-3.6.2
- (no CPE)range: < 2.3.1~dev12-3.6.2
- (no CPE)range: < 2.3.1~dev12-3.6.2
- (no CPE)range: < 11.0.9~dev28-3.18.2
- (no CPE)range: < 11.0.9~dev28-3.18.2
- (no CPE)range: < 11.0.9~dev28-3.18.2
- (no CPE)range: < 11.0.9~dev28-3.18.1
- (no CPE)range: < 11.0.9~dev28-3.18.1
- (no CPE)range: < 11.0.9~dev28-3.18.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 11.0.3~dev1-3.14.1
- (no CPE)range: < 7.3.1~dev28-3.3.1
- (no CPE)range: < 7.3.1~dev28-3.3.1
- (no CPE)range: < 7.3.1~dev28-3.3.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.4~dev6-3.9.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 11.0.1~dev5-3.12.1
- (no CPE)range: < 16.1.9~dev3-3.23.2
- (no CPE)range: < 16.1.9~dev3-3.23.2
- (no CPE)range: < 16.1.9~dev3-3.23.2
- (no CPE)range: < 16.1.9~dev3-3.23.1
- (no CPE)range: < 16.1.9~dev3-3.23.1
- (no CPE)range: < 16.1.9~dev3-3.23.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0.1~dev13-3.9.1
- (no CPE)range: < 8.0+git.1534266236.fb1623c-6.9.1
- (no CPE)range: < 8.0+git.1534266236.fb1623c-6.9.1
- (no CPE)range: < 0.0.2+git.1541444073.4d3347c-3.6.1
- (no CPE)range: < 0.0.2+git.1541444073.4d3347c-3.6.1
- (no CPE)range: < 2.8.3-3.6.2
- (no CPE)range: < 2.8.3-3.6.2
- (no CPE)range: < 2.8.3-3.6.2
- (no CPE)range: < 1.11.20-3.3.1
- (no CPE)range: < 1.11.20-3.3.1
- (no CPE)range: < 1.11.20-3.7.1
- (no CPE)range: < 1.8.19-3.12.5
- (no CPE)range: < 1.11.20-3.7.1
- (no CPE)range: < 1.11.20-3.7.1
- (no CPE)range: < 1.5.1-3.3.2
- (no CPE)range: < 1.5.1-3.3.2
- (no CPE)range: < 1.5.1-3.3.2
- (no CPE)range: < 1.17.2-3.3.1
- (no CPE)range: < 1.17.2-3.3.1
- (no CPE)range: < 1.17.2-3.3.1
- (no CPE)range: < 2.7.1-3.3.1
- (no CPE)range: < 2.7.1-3.3.1
- (no CPE)range: < 2.7.1-3.3.1
- (no CPE)range: < 1.17.4-3.6.1
- (no CPE)range: < 1.17.4-3.6.1
- (no CPE)range: < 1.17.4-3.6.1
- (no CPE)range: < 0.14.1-3.3.1
- (no CPE)range: < 0.14.1-3.3.1
- (no CPE)range: < 0.14.1-3.3.1
- (no CPE)range: < 9.1.3-3.6.2
- (no CPE)range: < 9.1.3-3.6.2
- (no CPE)range: < 9.1.3-3.6.2
- (no CPE)range: < 3.12.2-3.3.1
- (no CPE)range: < 3.12.2-3.3.1
- (no CPE)range: < 3.12.2-3.3.1
- (no CPE)range: < 1.15.9-3.6.2
- (no CPE)range: < 1.15.9-3.6.2
- (no CPE)range: < 1.15.9-3.6.2
- (no CPE)range: < 1.28.1-3.3.1
- (no CPE)range: < 1.28.1-3.3.1
- (no CPE)range: < 1.28.1-3.3.1
- (no CPE)range: < 1.25.2-3.3.1
- (no CPE)range: < 1.25.2-3.3.1
- (no CPE)range: < 1.25.2-3.3.1
- (no CPE)range: < 3.21.2-3.3.1
- (no CPE)range: < 3.21.2-3.3.1
- (no CPE)range: < 3.21.2-3.3.1
- (no CPE)range: < 4.11.2-3.3.1
- (no CPE)range: < 4.11.2-3.3.1
- (no CPE)range: < 4.11.2-3.3.1
- (no CPE)range: < 3.17.2-3.3.2
- (no CPE)range: < 3.17.2-3.3.2
- (no CPE)range: < 3.17.2-3.3.2
- (no CPE)range: < 3.30.3-3.3.1
- (no CPE)range: < 3.30.3-3.3.1
- (no CPE)range: < 3.30.3-3.3.1
- (no CPE)range: < 5.30.8-3.8.1
- (no CPE)range: < 5.30.8-3.8.1
- (no CPE)range: < 5.30.8-3.8.1
- (no CPE)range: < 3.30.2-3.3.1
- (no CPE)range: < 3.30.2-3.3.1
- (no CPE)range: < 3.30.2-3.3.1
- (no CPE)range: < 1.25.4-3.6.1
- (no CPE)range: < 1.25.4-3.6.1
- (no CPE)range: < 1.25.4-3.6.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 1.22.2-3.3.1
- (no CPE)range: < 2.17.2-3.3.1
- (no CPE)range: < 2.17.2-3.3.1
- (no CPE)range: < 2.17.2-3.3.1
- (no CPE)range: < 3.28.4-3.6.1
- (no CPE)range: < 3.28.4-3.6.1
- (no CPE)range: < 3.28.4-3.6.1
- (no CPE)range: < 1.26.3-3.6.1
- (no CPE)range: < 1.26.3-3.6.1
- (no CPE)range: < 1.26.3-3.6.1
- (no CPE)range: < 2.23.2-3.3.1
- (no CPE)range: < 2.23.2-3.3.1
- (no CPE)range: < 2.23.2-3.3.1
- (no CPE)range: < 1.7.2-3.3.2
- (no CPE)range: < 1.7.2-3.3.2
- (no CPE)range: < 1.7.2-3.3.2
- (no CPE)range: < 2.2.1-3.3.1
- (no CPE)range: < 2.2.1-3.3.1
- (no CPE)range: < 2.2.1-3.3.1
- (no CPE)range: < 1.2.0-4.3.1
- (no CPE)range: < 1.2.0-4.3.1
- (no CPE)range: < 1.2.0-4.3.1
- (no CPE)range: < 1.3.1-3.3.1
- (no CPE)range: < 1.3.1-3.3.1
- (no CPE)range: < 1.3.1-3.3.1
- (no CPE)range: < 3.4.1-3.3.1
- (no CPE)range: < 3.4.1-3.3.1
- (no CPE)range: < 3.4.1-3.3.1
- (no CPE)range: < 1.7.1-3.3.1
- (no CPE)range: < 1.7.1-3.3.1
- (no CPE)range: < 1.7.1-3.3.1
- (no CPE)range: < 8.0.1551262227.7a7deb6-3.3.1
- (no CPE)range: < 8.0.1551262227.7a7deb6-3.3.1
- (no CPE)range: < 8.0.1551262227.7a7deb6-3.3.1
- (no CPE)range: < 5.1.1~dev7-12.16.1
- (no CPE)range: < 5.1.1~dev7-12.16.1
- (no CPE)range: < 5.0.2~dev3-12.17.1
- (no CPE)range: < 5.0.2~dev3-12.17.1
- (no CPE)range: < 9.0.8~dev7-12.14.1
- (no CPE)range: < 9.0.8~dev7-12.14.1
- (no CPE)range: < 11.2.3~dev5-14.17.1
- (no CPE)range: < 11.2.3~dev5-14.17.1
- (no CPE)range: < 5.0.3~dev7-12.15.1
- (no CPE)range: < 5.0.3~dev7-12.15.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.12.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.12.1
- (no CPE)range: < 15.0.2~dev9-12.15.1
- (no CPE)range: < 15.0.2~dev9-12.15.1
- (no CPE)range: < 9.0.8~dev3-12.17.1
- (no CPE)range: < 9.0.8~dev3-12.17.1
- (no CPE)range: < 12.0.4~dev6-14.22.1
- (no CPE)range: < 12.0.4~dev6-14.22.1
- (no CPE)range: < 9.1.8~dev5-12.17.1
- (no CPE)range: < 9.1.8~dev5-12.17.1
- (no CPE)range: < 12.0.4~dev2-11.17.1
- (no CPE)range: < 12.0.4~dev2-11.17.1
- (no CPE)range: < 5.0.2-11.15.1
- (no CPE)range: < 5.0.2-11.15.1
- (no CPE)range: < 5.0.4~dev17-12.19.1
- (no CPE)range: < 5.0.4~dev17-12.19.1
- (no CPE)range: < 1.5.1-8.11.1
- (no CPE)range: < 1.5.1-8.11.1
- (no CPE)range: < 2.2.1-11.13.1
- (no CPE)range: < 2.2.1-11.13.1
- (no CPE)range: < 4.0.1-12.11.1
- (no CPE)range: < 4.0.1-12.11.1
- (no CPE)range: < 11.0.2-13.19.1
- (no CPE)range: < 11.0.2-13.19.1
- (no CPE)range: < 16.1.9~dev3-11.18.1
- (no CPE)range: < 16.1.9~dev3-11.18.1
- (no CPE)range: < 1.0.5~dev1-12.17.1
- (no CPE)range: < 1.0.5~dev1-12.17.1
- (no CPE)range: < 7.0.4~dev1-11.16.1
- (no CPE)range: < 7.0.4~dev1-11.16.1
- (no CPE)range: < 2.15.2-11.11.1
- (no CPE)range: < 2.15.2-11.11.1
- (no CPE)range: < 8.0.1~dev13-11.16.1
- (no CPE)range: < 8.0.1~dev13-11.16.1

Patches

1cdba624d55d

[1.11.x] Bumped version for 1.11.19 release.

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via osv

commit

1 file changed · +1 −1

django/__init__.py+1 −1 modified

@@ -2,7 +2,7 @@
 
 from django.utils.version import get_version
 
-VERSION = (1, 11, 19, 'alpha', 0)
+VERSION = (1, 11, 19, 'final', 0)
 
 __version__ = get_version(VERSION)

be439e58768c

[2.0.x] Bumped version for 2.0.11 release.

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via osv

commit

1 file changed · +1 −1

django/__init__.py+1 −1 modified

@@ -1,6 +1,6 @@
 from django.utils.version import get_version
 
-VERSION = (2, 0, 11, 'alpha', 0)
+VERSION = (2, 0, 11, 'final', 0)
 
 __version__ = get_version(VERSION)

79a6e7798fec

[2.1.x] Bumped version for 2.1.6 release.

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via osv

commit

1 file changed · +1 −1

django/__init__.py+1 −1 modified

@@ -1,6 +1,6 @@
 from django.utils.version import get_version
 
-VERSION = (2, 1, 6, 'alpha', 0)
+VERSION = (2, 1, 6, 'final', 0)
 
 __version__ = get_version(VERSION)

0bbb560183fa

[1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via ghsa

commit

3 files changed · +44 −1

django/utils/numberformat.py+14 −1 modified

@@ -30,7 +30,20 @@ def format(number, decimal_sep, decimal_pos=None, grouping=0, thousand_sep='',
     # sign
     sign = ''
     if isinstance(number, Decimal):
-        str_number = '{:f}'.format(number)
+        # Format values with more than 200 digits (an arbitrary cutoff) using
+        # scientific notation to avoid high memory usage in {:f}'.format().
+        _, digits, exponent = number.as_tuple()
+        if abs(exponent) + len(digits) > 200:
+            number = '{:e}'.format(number)
+            coefficient, exponent = number.split('e')
+            # Format the coefficient.
+            coefficient = format(
+                coefficient, decimal_sep, decimal_pos, grouping,
+                thousand_sep, force_grouping,
+            )
+            return '{}e{}'.format(coefficient, exponent)
+        else:
+            str_number = '{:f}'.format(number)
     else:
         str_number = six.text_type(number)
     if str_number[0] == '-':

docs/releases/1.11.19.txt+12 −0 modified

@@ -5,3 +5,15 @@ Django 1.11.19 release notes
 *February 11, 2019*
 
 Django 1.11.19 fixes a security issue in 1.11.18.
+
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.

tests/utils_tests/test_numberformat.py+18 −0 modified

@@ -60,6 +60,24 @@ def test_decimal_numbers(self):
         self.assertEqual(nformat(Decimal('1234'), '.', grouping=2, thousand_sep=',', force_grouping=True), '12,34')
         self.assertEqual(nformat(Decimal('-1234.33'), '.', decimal_pos=1), '-1234.3')
         self.assertEqual(nformat(Decimal('0.00000001'), '.', decimal_pos=8), '0.00000001')
+        # Very large & small numbers.
+        tests = [
+            ('9e9999', None, '9e+9999'),
+            ('9e9999', 3, '9.000e+9999'),
+            ('9e201', None, '9e+201'),
+            ('9e200', None, '9e+200'),
+            ('1.2345e999', 2, '1.23e+999'),
+            ('9e-999', None, '9e-999'),
+            ('1e-7', 8, '0.00000010'),
+            ('1e-8', 8, '0.00000001'),
+            ('1e-9', 8, '0.00000000'),
+            ('1e-10', 8, '0.00000000'),
+            ('1e-11', 8, '0.00000000'),
+            ('1' + ('0' * 300), 3, '1.000e+300'),
+            ('0.{}1234'.format('0' * 299), 3, '1.234e-300'),
+        ]
+        for value, decimal_pos, expected_value in tests:
+            self.assertEqual(nformat(Decimal(value), '.', decimal_pos), expected_value)
 
     def test_decimal_subclass(self):
         class EuroDecimal(Decimal):

1f42f82566c9

[2.0.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via ghsa

commit

4 files changed · +57 −1

django/utils/numberformat.py+14 −1 modified

@@ -27,7 +27,20 @@ def format(number, decimal_sep, decimal_pos=None, grouping=0, thousand_sep='',
     # sign
     sign = ''
     if isinstance(number, Decimal):
-        str_number = '{:f}'.format(number)
+        # Format values with more than 200 digits (an arbitrary cutoff) using
+        # scientific notation to avoid high memory usage in {:f}'.format().
+        _, digits, exponent = number.as_tuple()
+        if abs(exponent) + len(digits) > 200:
+            number = '{:e}'.format(number)
+            coefficient, exponent = number.split('e')
+            # Format the coefficient.
+            coefficient = format(
+                coefficient, decimal_sep, decimal_pos, grouping,
+                thousand_sep, force_grouping, use_l10n,
+            )
+            return '{}e{}'.format(coefficient, exponent)
+        else:
+            str_number = '{:f}'.format(number)
     else:
         str_number = str(number)
     if str_number[0] == '-':

docs/releases/1.11.19.txt+12 −0 modified

@@ -5,3 +5,15 @@ Django 1.11.19 release notes
 *February 11, 2019*
 
 Django 1.11.19 fixes a security issue in 1.11.18.
+
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.

docs/releases/2.0.11.txt+12 −0 modified

@@ -5,3 +5,15 @@ Django 2.0.11 release notes
 *February 11, 2019*
 
 Django 2.0.11 fixes a security issue in 2.0.10.
+
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.

tests/utils_tests/test_numberformat.py+19 −0 modified

@@ -75,6 +75,25 @@ def test_decimal_numbers(self):
         )
         self.assertEqual(nformat(Decimal('3.'), '.'), '3')
         self.assertEqual(nformat(Decimal('3.0'), '.'), '3.0')
+        # Very large & small numbers.
+        tests = [
+            ('9e9999', None, '9e+9999'),
+            ('9e9999', 3, '9.000e+9999'),
+            ('9e201', None, '9e+201'),
+            ('9e200', None, '9e+200'),
+            ('1.2345e999', 2, '1.23e+999'),
+            ('9e-999', None, '9e-999'),
+            ('1e-7', 8, '0.00000010'),
+            ('1e-8', 8, '0.00000001'),
+            ('1e-9', 8, '0.00000000'),
+            ('1e-10', 8, '0.00000000'),
+            ('1e-11', 8, '0.00000000'),
+            ('1' + ('0' * 300), 3, '1.000e+300'),
+            ('0.{}1234'.format('0' * 299), 3, '1.234e-300'),
+        ]
+        for value, decimal_pos, expected_value in tests:
+            with self.subTest(value=value):
+                self.assertEqual(nformat(Decimal(value), '.', decimal_pos), expected_value)
 
     def test_decimal_subclass(self):
         class EuroDecimal(Decimal):

40cd19055773

[2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().

https://github.com/django/djangoCarlton GibsonFeb 11, 2019via ghsa

commit

5 files changed · +69 −1

django/utils/numberformat.py+14 −1 modified

@@ -27,7 +27,20 @@ def format(number, decimal_sep, decimal_pos=None, grouping=0, thousand_sep='',
     # sign
     sign = ''
     if isinstance(number, Decimal):
-        str_number = '{:f}'.format(number)
+        # Format values with more than 200 digits (an arbitrary cutoff) using
+        # scientific notation to avoid high memory usage in {:f}'.format().
+        _, digits, exponent = number.as_tuple()
+        if abs(exponent) + len(digits) > 200:
+            number = '{:e}'.format(number)
+            coefficient, exponent = number.split('e')
+            # Format the coefficient.
+            coefficient = format(
+                coefficient, decimal_sep, decimal_pos, grouping,
+                thousand_sep, force_grouping, use_l10n,
+            )
+            return '{}e{}'.format(coefficient, exponent)
+        else:
+            str_number = '{:f}'.format(number)
     else:
         str_number = str(number)
     if str_number[0] == '-':

docs/releases/1.11.19.txt+12 −0 modified

@@ -5,3 +5,15 @@ Django 1.11.19 release notes
 *February 11, 2019*
 
 Django 1.11.19 fixes a security issue in 1.11.18.
+
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.

docs/releases/2.0.11.txt+12 −0 modified

@@ -5,3 +5,15 @@ Django 2.0.11 release notes
 *February 11, 2019*
 
 Django 2.0.11 fixes a security issue in 2.0.10.
+
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.

docs/releases/2.1.6.txt+12 −0 modified

@@ -6,6 +6,18 @@ Django 2.1.6 release notes
 
 Django 2.1.6 fixes a security issue and a bug in 2.1.5.
 
+CVE-2019-6975: Memory exhaustion in ``django.utils.numberformat.format()``
+--------------------------------------------------------------------------
+
+If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well
+as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates
+filters -- received a ``Decimal`` with a large number of digits or a large
+exponent, it could lead to significant memory usage due to a call to
+``'{:f}'.format()``.
+
+To avoid this, decimals with more than 200 digits are now formatted using
+scientific notation.
+
 Bugfixes
 ========

tests/utils_tests/test_numberformat.py+19 −0 modified

@@ -80,6 +80,25 @@ def test_decimal_numbers(self):
         )
         self.assertEqual(nformat(Decimal('3.'), '.'), '3')
         self.assertEqual(nformat(Decimal('3.0'), '.'), '3.0')
+        # Very large & small numbers.
+        tests = [
+            ('9e9999', None, '9e+9999'),
+            ('9e9999', 3, '9.000e+9999'),
+            ('9e201', None, '9e+201'),
+            ('9e200', None, '9e+200'),
+            ('1.2345e999', 2, '1.23e+999'),
+            ('9e-999', None, '9e-999'),
+            ('1e-7', 8, '0.00000010'),
+            ('1e-8', 8, '0.00000001'),
+            ('1e-9', 8, '0.00000000'),
+            ('1e-10', 8, '0.00000000'),
+            ('1e-11', 8, '0.00000000'),
+            ('1' + ('0' * 300), 3, '1.000e+300'),
+            ('0.{}1234'.format('0' * 299), 3, '1.234e-300'),
+        ]
+        for value, decimal_pos, expected_value in tests:
+            with self.subTest(value=value):
+                self.assertEqual(nformat(Decimal(value), '.', decimal_pos), expected_value)
 
     def test_decimal_subclass(self):
         class EuroDecimal(Decimal):

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-wh4h-v3f2-r2ppghsaADVISORY
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/mitrevendor-advisoryx_refsource_FEDORA
nvd.nist.gov/vuln/detail/CVE-2019-6975ghsaADVISORY
usn.ubuntu.com/3890-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4476ghsavendor-advisoryx_refsource_DEBIANWEB
www.securityfocus.com/bid/106964mitrevdb-entryx_refsource_BID
docs.djangoproject.com/en/dev/releases/securityghsaWEB
docs.djangoproject.com/en/dev/releases/security/mitrex_refsource_MISC
github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227ghsaWEB
github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676ghsaWEB
github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yamlghsaWEB
groups.google.com/forum/ghsaWEB
groups.google.com/forum/mitrex_refsource_MISC
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCUghsaWEB
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZghsaWEB
seclists.org/bugtraq/2019/Jul/10ghsamailing-listx_refsource_BUGTRAQWEB
usn.ubuntu.com/3890-1ghsaWEB
web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964ghsaWEB
www.djangoproject.com/weblog/2019/feb/11/security-releasesghsaWEB
www.djangoproject.com/weblog/2019/feb/11/security-releases/mitrex_refsource_MISC
www.openwall.com/lists/oss-security/2019/02/11/1ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.011
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000