Django Improper Input Validation Vulnerability - CVE-2010-4535

The password reset functionality in django.contrib.auth in Django before 1.1.3 1.2.x before 1.2.4 and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.