UBUNTU-CVE-2025-32873

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-32873

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-32873.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-32873

Upstream

CVE-2025-32873

Downstream

USN-7501-1

USN-7501-2

Related

Published

2025-05-07T14:00:00Z

Modified

2025-10-10T15:26:17Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of striptags().

References

Affected packages

Ubuntu:20.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@2:2.2.12-1ubuntu0.29?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.2.12-1ubuntu0.29

Affected versions

1:1.*

1:1.11.22-1ubuntu1

2:2.*

2:2.2.6-1ubuntu1

2:2.2.9-2ubuntu1

2:2.2.10-1

2:2.2.10-1ubuntu1

2:2.2.11-1

2:2.2.12-1

2:2.2.12-1ubuntu0.1

2:2.2.12-1ubuntu0.2

2:2.2.12-1ubuntu0.3

2:2.2.12-1ubuntu0.4

2:2.2.12-1ubuntu0.5

2:2.2.12-1ubuntu0.6

2:2.2.12-1ubuntu0.7

2:2.2.12-1ubuntu0.8

2:2.2.12-1ubuntu0.9

2:2.2.12-1ubuntu0.10

2:2.2.12-1ubuntu0.11

2:2.2.12-1ubuntu0.12

2:2.2.12-1ubuntu0.13

2:2.2.12-1ubuntu0.14

2:2.2.12-1ubuntu0.15

2:2.2.12-1ubuntu0.16

2:2.2.12-1ubuntu0.17

2:2.2.12-1ubuntu0.18

2:2.2.12-1ubuntu0.19

2:2.2.12-1ubuntu0.20

2:2.2.12-1ubuntu0.21

2:2.2.12-1ubuntu0.22

2:2.2.12-1ubuntu0.23

2:2.2.12-1ubuntu0.24

2:2.2.12-1ubuntu0.25

2:2.2.12-1ubuntu0.26

2:2.2.12-1ubuntu0.27

2:2.2.12-1ubuntu0.28

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-django",
            "binary_version": "2:2.2.12-1ubuntu0.29"
        }
    ]
}

Ubuntu:22.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@2:3.2.12-2ubuntu1.18?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.2.12-2ubuntu1.18

Affected versions

2:2.*

2:2.2.24-1ubuntu1

2:3.*

2:3.2.12-2

2:3.2.12-2ubuntu1

2:3.2.12-2ubuntu1.1

2:3.2.12-2ubuntu1.2

2:3.2.12-2ubuntu1.3

2:3.2.12-2ubuntu1.4

2:3.2.12-2ubuntu1.5

2:3.2.12-2ubuntu1.6

2:3.2.12-2ubuntu1.7

2:3.2.12-2ubuntu1.8

2:3.2.12-2ubuntu1.9

2:3.2.12-2ubuntu1.10

2:3.2.12-2ubuntu1.11

2:3.2.12-2ubuntu1.12

2:3.2.12-2ubuntu1.13

2:3.2.12-2ubuntu1.14

2:3.2.12-2ubuntu1.15

2:3.2.12-2ubuntu1.16

2:3.2.12-2ubuntu1.17

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-django",
            "binary_version": "2:3.2.12-2ubuntu1.18"
        }
    ]
}

Ubuntu:24.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.11-1ubuntu1.7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.11-1ubuntu1.7

Affected versions

3:4.*

3:4.2.4-1ubuntu2

3:4.2.8-1

3:4.2.9-1

3:4.2.11-1

3:4.2.11-1ubuntu1

3:4.2.11-1ubuntu1.1

3:4.2.11-1ubuntu1.2

3:4.2.11-1ubuntu1.3

3:4.2.11-1ubuntu1.4

3:4.2.11-1ubuntu1.5

3:4.2.11-1ubuntu1.6

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.11-1ubuntu1.7"
        }
    ]
}

Ubuntu:25.04

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.18-1ubuntu1.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.18-1ubuntu1.1

Affected versions

3:4.*

3:4.2.15-1ubuntu1

3:4.2.17-2

3:4.2.18-1

3:4.2.18-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.18-1ubuntu1.1"
        }
    ]
}

Ubuntu:25.10

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.18-1ubuntu1.1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.18-1ubuntu1.1

Affected versions

3:4.*

3:4.2.18-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.18-1ubuntu1.1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1.6.11-0ubuntu1.3+esm8?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.4-1ubuntu1

1.6-1

1.6.1-1

1.6.1-2

1.6.1-2ubuntu0.1

1.6.1-2ubuntu0.2

1.6.1-2ubuntu0.3

1.6.1-2ubuntu0.4

1.6.1-2ubuntu0.5

1.6.1-2ubuntu0.6

1.6.1-2ubuntu0.8

1.6.1-2ubuntu0.9

1.6.1-2ubuntu0.10

1.6.1-2ubuntu0.11

1.6.1-2ubuntu0.12

1.6.1-2ubuntu0.13

1.6.1-2ubuntu0.14

1.6.1-2ubuntu0.15

1.6.1-2ubuntu0.16

1.6.11-0ubuntu1

1.6.11-0ubuntu1.1

1.6.11-0ubuntu1.2

1.6.11-0ubuntu1.3

1.6.11-0ubuntu1.3+esm1

1.6.11-0ubuntu1.3+esm2

1.6.11-0ubuntu1.3+esm3

1.6.11-0ubuntu1.3+esm4

1.6.11-0ubuntu1.3+esm5

1.6.11-0ubuntu1.3+esm6

1.6.11-0ubuntu1.3+esm7

1.6.11-0ubuntu1.3+esm8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-django",
            "binary_version": "1.6.11-0ubuntu1.3+esm8"
        }
    ]
}

Ubuntu:Pro:16.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1.8.7-1ubuntu5.15+esm9?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.9-1ubuntu5

1.8.5-2ubuntu1

1.8.7-1ubuntu1

1.8.7-1ubuntu2

1.8.7-1ubuntu3

1.8.7-1ubuntu4

1.8.7-1ubuntu5

1.8.7-1ubuntu5.1

1.8.7-1ubuntu5.2

1.8.7-1ubuntu5.4

1.8.7-1ubuntu5.5

1.8.7-1ubuntu5.6

1.8.7-1ubuntu5.7

1.8.7-1ubuntu5.8

1.8.7-1ubuntu5.9

1.8.7-1ubuntu5.10

1.8.7-1ubuntu5.11

1.8.7-1ubuntu5.12

1.8.7-1ubuntu5.13

1.8.7-1ubuntu5.14

1.8.7-1ubuntu5.15

1.8.7-1ubuntu5.15+esm1

1.8.7-1ubuntu5.15+esm3

1.8.7-1ubuntu5.15+esm4

1.8.7-1ubuntu5.15+esm5

1.8.7-1ubuntu5.15+esm6

1.8.7-1ubuntu5.15+esm7

1.8.7-1ubuntu5.15+esm8

1.8.7-1ubuntu5.15+esm9

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-django",
            "binary_version": "1.8.7-1ubuntu5.15+esm9"
        },
        {
            "binary_name": "python-django-common",
            "binary_version": "1.8.7-1ubuntu5.15+esm9"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "1.8.7-1ubuntu5.15+esm9"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1:1.11.11-1ubuntu1.21+esm11?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.11.11-1ubuntu1.21+esm11

Affected versions

1:1.*

1:1.11.4-1ubuntu1

1:1.11.6-1ubuntu1

1:1.11.9-1ubuntu1

1:1.11.11-1ubuntu1

1:1.11.11-1ubuntu1.1

1:1.11.11-1ubuntu1.2

1:1.11.11-1ubuntu1.3

1:1.11.11-1ubuntu1.4

1:1.11.11-1ubuntu1.5

1:1.11.11-1ubuntu1.6

1:1.11.11-1ubuntu1.7

1:1.11.11-1ubuntu1.8

1:1.11.11-1ubuntu1.9

1:1.11.11-1ubuntu1.10

1:1.11.11-1ubuntu1.11

1:1.11.11-1ubuntu1.12

1:1.11.11-1ubuntu1.13

1:1.11.11-1ubuntu1.14

1:1.11.11-1ubuntu1.15

1:1.11.11-1ubuntu1.16

1:1.11.11-1ubuntu1.17

1:1.11.11-1ubuntu1.18

1:1.11.11-1ubuntu1.19

1:1.11.11-1ubuntu1.20

1:1.11.11-1ubuntu1.21

1:1.11.11-1ubuntu1.21+esm1

1:1.11.11-1ubuntu1.21+esm2

1:1.11.11-1ubuntu1.21+esm3

1:1.11.11-1ubuntu1.21+esm4

1:1.11.11-1ubuntu1.21+esm5

1:1.11.11-1ubuntu1.21+esm6

1:1.11.11-1ubuntu1.21+esm7

1:1.11.11-1ubuntu1.21+esm8

1:1.11.11-1ubuntu1.21+esm9

1:1.11.11-1ubuntu1.21+esm10

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python-django",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        },
        {
            "binary_name": "python-django-common",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        }
    ]
}