Description
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
Release | Status | Note |
---|---|---|
bionic | released | 1:1.11.11-1ubuntu1.5 |
devel | released | 1:1.11.22-1ubuntu1 |
disco | released | 1:1.11.20-1ubuntu0.2 |
esm-infra-legacy/trusty | needed | |
esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.5 |
esm-infra/focal | not-affected | 1:1.11.22-1ubuntu1 |
esm-infra/xenial | not-affected | 1.8.7-1ubuntu5.10 |
focal | released | 1:1.11.22-1ubuntu1 |
jammy | released | 1:1.11.22-1ubuntu1 |
kinetic | released | 1:1.11.22-1ubuntu1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in the HTMLParser module of the django.utils.html.strip_tags function of the Django web development framework that allows an attacker to cause a denial of service