Potential Denial-of-Service Attack in Django through strip_tags() and striptags Template Filter
CVE-2024-53907

7.5HIGH

Key Information:

Vendor: Django
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-53907?

An identified vulnerability within specific versions of the Django web framework can lead to a denial-of-service condition. The issue affects the strip_tags() method and the striptags template filter, which may become susceptible to an attack when confronted with specially crafted inputs containing extensive sequences of nested incomplete HTML entities. This scenario can potentially overwhelm the application, causing degradation in performance or complete service interruption. Developers utilizing affected versions are advised to address this vulnerability promptly to ensure sustained service availability and application integrity.

References

https://docs.djangoproject.com/en/dev/releases/security/

https://groups.google.com/g/django-announce

https://www.openwall.com/lists/oss-security/2024/12/04/3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 24, 2024