CVE-2025-32873

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32873

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32873.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32873

Aliases

Related

Published

2025-05-08T04:17:18Z

Modified

2025-06-18T15:41:59.060544Z

Downstream

DLA-4210-1

SUSE-SU-2025:01523-1

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of striptags().

References

Affected packages

Debian:11 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.2.28-1~deb11u7

Affected versions

2:2.*

2:2.2.24-1

2:2.2.25-1~deb11u1

2:2.2.26-1~deb11u1

2:2.2.28-1~deb11u1

2:2.2.28-1~deb11u2

2:2.2.28-1~deb11u3

2:2.2.28-1~deb11u4

2:2.2.28-1~deb11u5

2:2.2.28-1~deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3:3.*

3:3.2.19-1

3:3.2.19-1+deb12u1~bpo11+1

3:3.2.19-1+deb12u1

3:3.2.19-1+deb12u2

3:3.2.20-1

3:3.2.20-1.1

3:3.2.21-1

3:4.*

3:4.1-1

3:4.1.1-1

3:4.1.2-1

3:4.1.3-1

3:4.1.4-1

3:4.1.5-1

3:4.2~alpha1-1

3:4.2~beta1-1

3:4.2~rc1-1

3:4.2-1

3:4.2.1-1

3:4.2.2-1

3:4.2.3-1

3:4.2.4-1

3:4.2.5-1

3:4.2.5-2

3:4.2.6-1

3:4.2.8-1

3:4.2.9-1

3:4.2.10-1

3:4.2.11-1

3:4.2.13-1

3:4.2.14-1

3:4.2.15-1~bpo12+1

3:4.2.15-1

3:4.2.16-1

3:4.2.17-1

3:4.2.17-2

3:4.2.18-1~bpo12+1

3:4.2.18-1

3:4.2.19-1~bpo12+1

3:4.2.19-1

3:4.2.20-1~bpo12+1

3:4.2.20-1

3:4.2.21-1~bpo12+1

3:4.2.21-1

3:4.2.22-1

3:4.2.23-1

3:5.*

3:5.0~alpha1-1

3:5.0~rc1-1

3:5.0-1

3:5.0.1-1

3:5.0.2-1

3:5.0.3-1

3:5.0.4-1

3:5.0.6-1

3:5.1~alpha1-1

3:5.1~beta1-1

3:5.1~rc1-1

3:5.1-1

3:5.1.1-1

3:5.1.2-1

3:5.1.3-1

3:5.1.4-1

3:5.1.5-1

3:5.2~alpha1-1

3:5.2~beta1-1

3:5.2~rc1-1

3:5.2-1

3:5.2.1-1

3:5.2.2-1

3:5.2.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.21-1

Affected versions

3:3.*

3:3.2.19-1

3:3.2.20-1

3:3.2.20-1.1

3:3.2.21-1

3:4.*

3:4.1-1

3:4.1.1-1

3:4.1.2-1

3:4.1.3-1

3:4.1.4-1

3:4.1.5-1

3:4.2~alpha1-1

3:4.2~beta1-1

3:4.2~rc1-1

3:4.2-1

3:4.2.1-1

3:4.2.2-1

3:4.2.3-1

3:4.2.4-1

3:4.2.5-1

3:4.2.5-2

3:4.2.6-1

3:4.2.8-1

3:4.2.9-1

3:4.2.10-1

3:4.2.11-1

3:4.2.13-1

3:4.2.14-1

3:4.2.15-1~bpo12+1

3:4.2.15-1

3:4.2.16-1

3:4.2.17-1

3:4.2.17-2

3:4.2.18-1~bpo12+1

3:4.2.18-1

3:4.2.19-1~bpo12+1

3:4.2.19-1

3:4.2.20-1~bpo12+1

3:4.2.20-1

3:4.2.21-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

87175d270aec969d3cad4bad1abf45e07302d795

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.3

1.4

1.7a1

1.7a2

4.*

4.2

4.2.1

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.16

4.2.17

4.2.18

4.2.19

4.2.2

4.2.20

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.2a1

4.2b1

4.2rc1