Vulnerability CVE-2024-53907: Information
Description
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python3-module-django | sisyphus | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17323-2 | 365393 | Fixed |
python3-module-django | sisyphus_e2k | 4.2.17-alt1 | 4.2.17-alt1 | ALT-PU-2024-17562-1 | - | Fixed |
python3-module-django | sisyphus_riscv64 | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17444-1 | - | Fixed |
python3-module-django | sisyphus_loongarch64 | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17435-1 | - | Fixed |
python3-module-django | p11 | 4.2.17-alt1 | 4.2.18-alt1 | ALT-PU-2024-17274-3 | 365392 | Fixed |