
Mageia 9: 2025-0153 Moderate Security Risk in Django Can Lead to DoS

May 11, 2025
Django releases before 4.2.21 are vulnerable to a Denial of Service threat due to improperly closed HTML tags. It's recommended to update to the latest secure versions.

Summary

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). (CVE-2025-32873)

References

- https://bugs.mageia.org/show_bug.cgi?id=34259

- https://ubuntu.com/security/notices/USN-7501-1

- https://www.cve.org/CVERecord?id=CVE-2025-32873

Resolution

SRPMS

- 9/core/python-django-4.1.13-1.4.mga9
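
The following triage check is an added example, not part of the Mageia advisory or of Django's code. It classifies an upstream Django version against the three ranges given in the Summary and returns "unlisted" for branches the advisory does not name, which is the case for the 4.1.13 package listed above; the function names and the sample versions are constructed for illustration.

```python
import re
from importlib import metadata

# First fixed upstream release per branch, as listed in the advisory summary.
FIXED = {(4, 2): (4, 2, 21), (5, 1): (5, 1, 9), (5, 2): (5, 2, 1)}


def parse_version(text):
    """Return (major, minor, patch) from a string such as '4.2.20' or '5.2rc1'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(version_text):
    """Return 'affected', 'fixed' or 'unlisted' for an upstream Django version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory (for example Mageia 9's 4.1.13):
        # the upstream number cannot tell whether a distro backport is present.
        return "unlisted"
    return "fixed" if version >= fixed else "affected"


def installed_django():
    """Upstream version of the Django visible to this interpreter, or None."""
    try:
        return metadata.version("Django")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample versions, plus whatever is installed locally.
    samples = ["4.2.20", "4.2.21", "5.1.8", "5.2", "4.1.13"]
    local = installed_django()
    for v in samples + ([local] if local else []):
        print(f"Django {v}: {classify(v)}")
```

For an "unlisted" result on Mageia 9, compare the installed package release with python-django-4.1.13-1.4.mga9 rather than relying on the upstream version number.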

Severity
important

Publication date: 11 May 2025
URL: https://advisories.mageia.org/MGASA-2025-0153.html
Type: security
CVE: CVE-2025-32873
