- Description
- An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-770
- Hype score
- Not currently trending
URGENT: Fedora 42 Django security update! 🔹 Fixes CVE-2025-32873 (strip_tags() DoS) 🔹 Patches CVE-2025-48432 (log injection) Update NOW: Read more: 👉 https://t.co/iKuOxnqzDi #LinuxSecurity #WebSecurity #SysAdmin https://t.co/foeoBK4cAC
@Cezar_H_Linux
19 Jun 2025
Urgent: #Fedora41 Django security update fixes: 🔴 CVE-2025-32873 - DoS in strip_tags() 🔴 CVE-2025-48432 - Log injection risk Update NOW: sudo dnf upgrade --advisory FEDORA-2025-2dff80a8a3 Read more: 👉 https://t.co/geh4cYKrAb #CyberSecurity #Django https://t.co/5IBgGVJ
@Cezar_H_Linux
19 Jun 2025
🚨 Urgent Django Patch Alert! CVE-2025-32873 (CVSS 5.9) lets attackers crash systems via strip_tags(). SUSE Linux 15 SP7 users: Patch now with: zypper in -t patch [code] Details: 👉https://t.co/i8cl7VtoP1 #Linux #DevSecOps https://t.co/gtNktKzw1S
@Cezar_H_Linux
26 May 2025
🐍Pythonistas! 🌟Just a quick PSA: the trusty Django team is releasing updates: 5.2.1, 5.1.9, and 4.2.21! 𝗧𝗵𝗲 𝘀𝘁𝗮𝗿𝗸𝗮𝗹𝘁𝘆 🛑 CVE-2025-32873! A moderately severe DoS vulnerability in strip_tags() has been patched. #DjangoSecurity 👉Upgrad
@SimpliPy
14 May 2025
CVE-2025-32873 CVE-2025-32873 https://t.co/x8h9V96jb4
@VulmonFeeds
7 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "101C65E4-566E-4B85-9C4B-7ED32B0713BD",
            "versionEndExcluding": "4.2.21",
            "versionStartIncluding": "4.2.0"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A87163B0-95FF-4F8F-9D6A-24DBE914CE93",
            "versionEndExcluding": "5.1.9",
            "versionStartIncluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B2D6B37-4BCA-4431-8A03-6BDC7B2BD42D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]