PYSEC-2015-18

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2015-18.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2015-18
Aliases
Published
2015-03-25T14:59:00Z
Modified
2024-04-29T11:56:30.933476Z
Summary
[none]
Details

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6
Fixed
1.6.11
Introduced
1.7
Fixed
1.7.7
Introduced
1.8a0
Fixed
1.8c1

Affected versions

1.*

1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8a1
1.8b1
1.8b2