PYSEC-2015-18

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2015-18.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2015-18
Aliases
Published
2015-03-25T14:59:00Z
Modified
2024-04-29T11:56:30.933476Z
Summary
[none]
Details

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced 1.6, Fixed 1.6.11
Introduced 1.7, Fixed 1.7.7
Introduced 1.8a0, Fixed 1.8c1

Affected versions

1.*

1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8a1
1.8b1
1.8b2