Описание
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
Отчет
This issue affects the versions of python-django as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and 3, as it contains the vulnerable code. This issue affects Red Hat Update Infrastructure for Cloud Providers, but the vulnerable functions in python-django are currently not used in any part of the Product. This issue does not affect Red Hat Satellite as the vulnerable functions in python-django are not used. Red Hat OpenStack Platform:
- This issue affects all versions of python-django shipped with Red Hat Openstack Platform versions 9-15, as it contains the vulnerable code.
- Because the flaw's impact is Medium, it will not be fixed in Red Hat Openstack Platform 9 which is retiring on 8/24.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | calamari-server | Not affected | ||
| Red Hat Ceph Storage 2 | python-django | Affected | ||
| Red Hat Ceph Storage 3 | python-django | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | python-django | Will not fix | ||
| Red Hat Satellite 6 | python-django | Not affected | ||
| Red Hat Storage 3 | python-django | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
Уязвимость модуля HTMLParser функции django.utils.html.strip_tags фреймворка для веб-разработки Django, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3