Description
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
A vulnerability was found in the Django Web Framework. The strip_tags() method and the striptags template filter may be vulnerable to a potential denial of service (DoS) when given a large sequence of nested incomplete HTML entities.
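The root of the issue is that strip_tags() must strip repeatedly, because one pass can expose a tag that was hidden inside another (for example "<sc<b></b>ript>" becomes "<script>" after the inner tags are removed), and an unbounded loop of that kind is where crafted input can force excessive work. The following is an added example, not Django's own code, showing the shape of the mitigation in the fixed releases: a hard cap on the number of stripping passes that raises an exception instead of continuing. The single-pass stripper here is a deliberately simplified regex stand-in for Django's html.parser-based `_strip_once`, the `SuspiciousOperation` class, `MAX_INPUT_LENGTH`, and the `pathological_input` helper are assumptions made for the demonstration, and the nested-tag input it builds is constructed to exercise this stand-in rather than being the entity sequence described in the advisory.

```python
import re

# Added example, not Django's code. Mirrors the shape of the upstream
# mitigation (a cap on stripping passes, exceeded => SuspiciousOperation)
# around a simplified stand-in for the single-pass stripper.

MAX_STRIP_TAGS_DEPTH = 50      # cap on passes; same value as the fixed Django releases
MAX_INPUT_LENGTH = 100_000     # assumed application-level limit, not from Django

# Stand-in for Django's _strip_once (which uses html.parser): removes every
# innermost <tag ...> / </tag> in one pass. A tag whose body contains another
# tag survives the pass, which is why strip_tags needs an outer loop at all.
_TAG_RE = re.compile(r"</?[a-zA-Z][^<>]*>")


class SuspiciousOperation(Exception):
    """Assumed stand-in for django.core.exceptions.SuspiciousOperation."""


def strip_once(value: str) -> str:
    """One stripping pass; nested or split tags need further passes."""
    return _TAG_RE.sub("", value)


def strip_tags_bounded(value: str, max_depth: int = MAX_STRIP_TAGS_DEPTH) -> tuple[str, int]:
    """Strip tags repeatedly, never running more than max_depth passes.

    Returns (stripped_value, passes_used); the pass count lets a caller log
    inputs that needed unusually many passes, a cheap detection signal.
    """
    if len(value) > MAX_INPUT_LENGTH:
        raise SuspiciousOperation(f"input of {len(value)} chars exceeds size limit")
    depth = 0
    while "<" in value and ">" in value:
        if depth >= max_depth:
            # Refuse rather than keep working on attacker-controlled nesting.
            raise SuspiciousOperation(f"strip_tags exceeded {max_depth} passes")
        new_value = strip_once(value)
        if new_value.count("<") == value.count("<"):
            break              # the pass removed nothing more; fixed point reached
        value = new_value
        depth += 1
    return value, depth


def pathological_input(levels: int) -> str:
    """Constructed nested input: each pass on the stand-in stripper peels off
    exactly one level, so `levels` passes are needed to strip it completely."""
    return "<a" * levels + ">" * levels


if __name__ == "__main__":
    print(strip_tags_bounded("<p>Hello <b>world</b></p>"))   # benign: one pass
    print(strip_tags_bounded("<sc<b></b>ript>alert(1)"))      # needs a second pass
    print(strip_tags_bounded(pathological_input(10)))          # ten passes, still allowed
    try:
        strip_tags_bounded(pathological_input(MAX_STRIP_TAGS_DEPTH + 10))
    except SuspiciousOperation as exc:
        print("rejected:", exc)
```

The wrapper is defense in depth at the call site, not a replacement for the library: the only complete fix is upgrading to a release listed in the description (5.1.4, 5.0.10 or 4.2.17). Returning the pass count also gives a natural place to emit a detection event when a request needs more passes than your traffic normally does.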
Statement
This vulnerability is rated as Moderate severity because it exposes the strip_tags() method and striptags template filter to a potential denial-of-service attack: malicious input containing large sequences of nested incomplete HTML entities could cause excessive processing. It does not affect data confidentiality or integrity.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release date (DD.MM.YYYY) |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | | |
Red Hat Ansible Automation Platform 2 | python-django | Affected | | |
Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
Discovery 1 for RHEL 9 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-cloud-billing-rhel8 | Fixed | RHSA-2024:11144 | 16.12.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-cloud-billing-rhel8-operator | Fixed | RHSA-2024:11144 | 16.12.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-cloud-metrics-collector-rhel8 | Fixed | RHSA-2024:11144 | 16.12.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-cloud-ui-rhel8 | Fixed | RHSA-2024:11144 | 16.12.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-cloud-ui-rhel8-operator | Fixed | RHSA-2024:11144 | 16.12.2024 |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/aap-must-gather-rhel8 | Fixed | RHSA-2024:11144 | 16.12.2024 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
Django denial-of-service in django.utils.html.strip_tags()
A vulnerability in the strip_tags() function of the django.utils.html module of the Django web application framework that allows an attacker to cause a denial of service