Описание
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3:4.2.17-2 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | released | 1:1.11.11-1ubuntu1.21+esm8 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.26 |
| esm-infra/xenial | released | 1.8.7-1ubuntu5.15+esm8 |
| focal | released | 2:2.2.12-1ubuntu0.26 |
| jammy | released | 2:3.2.12-2ubuntu1.15 |
| noble | released | 3:4.2.11-1ubuntu1.4 |
| oracular | released | 3:4.2.15-1ubuntu1.1 |
| plucky | released | 3:4.2.17-2 |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...
Django denial-of-service in django.utils.html.strip_tags()
Уязвимость функции strip_tags() модуля django.utils.html программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3