|
|
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2
before 4.2.17. The strip_tags() method and striptags template filter are subject
to a potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907
Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
