{"id":"CVE-2013-0306","details":"The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.","aliases":["GHSA-g8xg-jgj6-49r3","PYSEC-2013-17"],"modified":"2026-04-10T03:42:39.462561Z","published":"2013-05-02T14:55:05Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2634"},{"type":"ADVISORY","url":"https://www.djangoproject.com/weblog/2013/feb/19/security/"},{"type":"WEB","url":"http://ubuntu.com/usn/usn-1757-1"}],"schema_version":"1.7.5"}