
CVE-2025-32873: Medium Vulnerability in djangoproject Django

A medium-severity denial-of-service vulnerability exists in Django's strip_tags() function. Organizations using affected versions should prioritize patching to avoid performance issues from processing large sequences of incomplete HTML tags.

MEDIUM · Public Exploit · CVSS 5.3 · Published May 8, 2025


An issue was discovered in Django versions 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. Specifically, the django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, as it is built on top of strip_tags().

The CVSS score for this vulnerability is 5.3, indicating a medium severity level. This matters because organizations utilizing affected versions of Django may experience performance degradation if exploited. Attackers may leverage this vulnerability to slow down web applications significantly, impacting user experience and service availability.

As of now, known exploits are available, which raises the urgency for defenders. Organizations should prioritize patching immediately to mitigate risks associated with this vulnerability.
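To find deployments that still need the patch, the following added example (not part of the original advisory or of Django) audits pinned Django versions in a requirements file against the affected ranges listed above. The function names and the sample requirements text are constructed for illustration, and only exact `==` pins of final releases are handled.

```python
import re

# First fixed release in each affected series, as stated in the advisory text above.
FIXED = {(4, 2): (4, 2, 21), (5, 1): (5, 1, 9), (5, 2): (5, 2, 1)}

# Matches exact pins such as "Django==4.2.20" or "django[argon2] == 5.1.9  # note".
# Names like "django-filter" do not match; range specifiers and pre-releases are skipped.
PIN = re.compile(
    r"^\s*django(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:[;#].*)?$",
    re.IGNORECASE,
)


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for a (major, minor, patch) tuple."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Series not named in the advisory: check the upstream release notes.
        return "not-listed"
    return "affected" if version < fixed else "fixed"


def audit_requirements(text):
    """Return [(line_number, version, status)] for every pinned Django line."""
    results = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = PIN.match(line)
        if not match:
            continue
        # A missing patch component ("5.2") is treated as ".0".
        version = (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))
        results.append((line_no, ".".join(map(str, version)), classify(version)))
    return results


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed sample requirements
Django==4.2.20
django == 5.1.9  # already patched
django==5.2
requests==2.32.3
django-filter==24.3
Django==3.2.25
"""

if __name__ == "__main__":
    for line_no, version, status in audit_requirements(SAMPLE):
        print(f"line {line_no}: Django {version} -> {status}")
```

A `not-listed` result means only that the advisory text above does not name that series, not that the release is safe.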

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
