CVE-2024-53907 Information

Description

An issue was discovered in Django 5.1 before 5.1.4 5.0 before 5.0.10 and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

Reference

https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/g/django-announce https://www.openwall.com/lists/oss-security/2024/12/04/3