Описание
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
Ссылки
- Release Notes
- Mailing List
- Vendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, ...
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3