Developers behind Django have pushed out a new build of the software that fixes a handful of security issues, including a denial of service vulnerability in the authentication framework. The main problem with Django lies in how it authenticates users and passwords. Django doesn't store the raw password in its database; it stores a hashed version of it that is computed at each log-in attempt. Attackers can repeatedly submit large passwords and overwhelm Django's servers with the expensive computation of the corresponding hashes.
Source: https://threatpost.com/patches-for-django-framework-fix-dos-vulnerability/102323/
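
The mitigation for this class of problem is to bound the input before the expensive hash runs. The following is an added example, not Django's own code or patch: the function names, the 4096-byte cap and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 4096   # assumed cap for this example, not taken from the article
ITERATIONS = 100_000        # assumed PBKDF2 work factor

_stats = {"derivations": 0}  # counts expensive hash runs so the cap's effect is visible


def derivation_count():
    """Number of times the expensive key derivation has actually run."""
    return _stats["derivations"]


def derive(password_bytes, salt):
    """Expensive step: PBKDF2-HMAC-SHA256 over the submitted password."""
    _stats["derivations"] += 1
    return hashlib.pbkdf2_hmac("sha256", password_bytes, salt, ITERATIONS)


def make_record(password):
    """Create the (salt, hash) pair stored in place of the raw password."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds maximum length")
    salt = os.urandom(16)
    return salt, derive(raw, salt)


def check_password(submitted, record):
    """Verify a log-in attempt, refusing oversized input before any hashing."""
    raw = submitted.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        # No stored password can be this long, so the attempt fails cheaply.
        return False
    salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(derive(raw, salt), stored)


if __name__ == "__main__":
    record = make_record("correct horse battery staple")
    print(check_password("correct horse battery staple", record))  # normal log-in
    print(check_password("A" * 1_000_000, record))                 # constructed oversized input
    print("derivations run:", derivation_count())
```

A request body size limit at the web server or proxy complements this check, since it stops very large submissions before they reach the application.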

