Описание
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
Релиз | Статус | Примечание |
---|---|---|
devel | released | 3:4.2.18-1ubuntu1.1 |
esm-infra-legacy/trusty | needs-triage | |
esm-infra/bionic | released | 1:1.11.11-1ubuntu1.21+esm11 |
esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.29 |
esm-infra/xenial | needs-triage | |
focal | released | 2:2.2.12-1ubuntu0.29 |
jammy | released | 2:3.2.12-2ubuntu1.18 |
noble | released | 3:4.2.11-1ubuntu1.7 |
oracular | released | 3:4.2.15-1ubuntu1.4 |
plucky | released | 3:4.2.18-1ubuntu1.1 |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, ...
EPSS
5.3 Medium
CVSS3