High severity · NVD Advisory · Published Mar 25, 2015 · Updated Jun 17, 2026
CVE-2015-2316
Description
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.6, < 1.6.11 | 1.6.11 |
| Django (PyPI) | >= 1.7, < 1.7.7 | 1.7.7 |
| Django (PyPI) | >= 1.8a1, < 1.8c1 | 1.8c1 |
Affected products
- cpe:2.3:a:djangoproject:django:1.6:-:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- ghsa-coords (2 versions)
  - (no CPE) range: >= 1.6, < 1.6.11
  - (no CPE) range: < 1.6.11-4.1
References
- www.djangoproject.com/weblog/2015/mar/18/security-releases/ [nvd] Patch, Vendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html [nvd] Third Party Advisory, WEB
- lists.opensuse.org/opensuse-updates/2015-04/msg00001.html [nvd] Third Party Advisory, WEB
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html [nvd] Third Party Advisory, WEB
- www.ubuntu.com/usn/USN-2539-1 [nvd] Third Party Advisory, WEB
- github.com/advisories/GHSA-j3j3-jrfh-cm2w [ghsa] ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-2316 [ghsa] ADVISORY
- github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd [ghsa] WEB
- github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f [ghsa] WEB
- github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97 [ghsa] WEB
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-18.yaml [ghsa] WEB
- web.archive.org/web/20200229033201/http://www.securityfocus.com/bid/73322 [ghsa] WEB
- www.djangoproject.com/weblog/2015/mar/18/security-releases [ghsa] WEB
- www.securityfocus.com/bid/73322 [nvd]