Django denial-of-service in django.utils.html.strip_tags()

🗓️ 06 Dec 2024 12:30:47Reported by GitHub Advisory DatabaseType

Django versions before 5.1.4, 5.0.10, and 4.2.17 are vulnerable to denial-of-service attacks.

Reporter	Title	Published	Views	Family All 93
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45231	12 Mar 202521:43	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service	24 Feb 202523:37	–	ibm
AlpineLinux	CVE-2024-53907	6 Dec 202400:00	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в python-django	3 May 202623:59	–	astralinux
Chainguard	CVE-2024-53907 vulnerabilities	6 Dec 202412:15	–	cgr
Circl	CVE-2024-53907	6 Dec 202411:48	–	circl
CNNVD	Django 安全漏洞	4 Dec 202400:00	–	cnnvd
CVE	CVE-2024-53907	6 Dec 202400:00	–	cve
Cvelist	CVE-2024-53907	6 Dec 202400:00	–	cvelist
Debian	[BSA-121] Security Update for python-django	5 Feb 202510:36	–	debian

Vulners

Node

django_project djangoRange4.2–4.2.17pip

django_project djangoRange5.0–5.0.10pip

django_project djangoRange5.0.0–5.0.10pip

django_project djangoRange4.2.0–4.2.17pip

django_project djangoRange5.1.0–5.1.4pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-53907
docs	www.docs.djangoproject.com/en/dev/releases/security
groups	www.groups.google.com/g/django-announce
openwall	www.openwall.com/lists/oss-security/2024/12/04/3
djangoproject	www.djangoproject.com/weblog/2024/dec/04/security-releases
lists	www.lists.debian.org/debian-lts-announce/2024/12/msg00028.html
github	www.github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
github	www.github.com/advisories/GHSA-8498-2h75-472j

14 Jan 2025 15:59Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

EPSS0.01038

SSVC