Vulnerability CVE-2024-53907: Information

Description

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

Published: Dec. 6, 2024
Modified: Dec. 31, 2024

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| python3-module-django | sisyphus | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17323-2 | 365393 | Fixed |
| python3-module-django | sisyphus_e2k | 4.2.17-alt1 | 4.2.17-alt1 | ALT-PU-2024-17562-1 | - | Fixed |
| python3-module-django | sisyphus_riscv64 | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17444-1 | - | Fixed |
| python3-module-django | sisyphus_loongarch64 | 5.0.10-alt1 | 5.1.5-alt1 | ALT-PU-2024-17435-1 | - | Fixed |
| python3-module-django | p11 | 4.2.17-alt1 | 4.2.18-alt1 | ALT-PU-2024-17274-3 | 365392 | Fixed |

References to Advisories, Solutions, and Tools