Moderate severity · NVD Advisory · Published May 8, 2025 · Updated May 8, 2025
CVE-2025-32873
Description
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
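To make the "large sequences of incomplete HTML tags" failure mode concrete from the defensive side, here is an added example, not Django's code and not the upstream patch: a stand-alone strip-tags loop built on the standard library's HTMLParser, in which each pass removes one layer of tags and a pass budget rejects inputs that would need too many. The cap value, the exception class and the function name are assumptions for this example; the fix for affected deployments is upgrading to the patched versions listed below.

```python
from html.parser import HTMLParser

# Cap on stripping passes (an assumption for this example, not Django's API).
MAX_STRIP_PASSES = 50


class StripTagsBudgetExceeded(ValueError):
    """Input would need more stripping passes than the budget allows."""


class _TextCollector(HTMLParser):
    """One pass: keep text and entity references, drop every tag."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_entityref(self, name):
        self.chunks.append(f"&{name};")

    def handle_charref(self, name):
        self.chunks.append(f"&#{name};")

    def text(self):
        return "".join(self.chunks)


def _strip_once(value):
    parser = _TextCollector()
    parser.feed(value)
    parser.close()
    return parser.text()


def bounded_strip_tags(value, max_passes=MAX_STRIP_PASSES):
    """Strip tags in repeated passes; return (text, passes_used).

    Incomplete tags hide the next layer: "<<b>b>" exposes "<b>" only after
    the inner tag is gone, so every extra "<" costs one more full parse.
    """
    value = str(value)
    passes = 0
    while "<" in value and ">" in value:
        if passes >= max_passes:
            raise StripTagsBudgetExceeded(f"over {max_passes} passes needed")
        stripped = _strip_once(value)
        passes += 1
        if stripped.count("<") == value.count("<"):
            break  # no tag removed: the remaining "<" are plain text
        value = stripped
    return value, passes
```

With a constructed input of 60 stray "<" characters in front of one real tag, the loop needs 61 passes and the budget rejects it instead of parsing the whole string 61 times.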
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 4.2, < 4.2.21 | 4.2.21 |
| Django (PyPI) | >= 5.1, < 5.1.9 | 5.1.9 |
| Django (PyPI) | >= 5.2, < 5.2.1 | 5.2.1 |
Affected products
14 entries; 13 OSV package coordinates, each with its affected version range:
- pkg:apk/chainguard/awx (no CPE): < 24.6.1-r6
- pkg:apk/chainguard/grafana-oncall (no CPE): < 1.16.1-r0
- pkg:apk/chainguard/grafana-oncall-compat (no CPE): < 1.16.1-r0
- pkg:apk/wolfi/grafana-oncall (no CPE): < 1.16.1-r0
- pkg:apk/wolfi/grafana-oncall-compat (no CPE): < 1.16.1-r0
- pkg:bitnami/django (no CPE): >= 4.2.0, < 4.2.21
- pkg:pypi/django (no CPE): >= 4.2, < 4.2.21
- pkg:rpm/opensuse/python-Django4&distro=openSUSE%20Tumbleweed (no CPE): < 4.2.21-1.1
- pkg:rpm/opensuse/python-Django6&distro=openSUSE%20Tumbleweed (no CPE): < 6.0-1.1
- pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2015.6 (no CPE): < 4.2.11-150600.3.21.1
- pkg:rpm/opensuse/python-Django&distro=openSUSE%20Tumbleweed (no CPE): < 5.2.1-1.1
- pkg:rpm/suse/python-Django&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE): < 4.2.11-150600.3.21.1
- pkg:rpm/suse/python-Django&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE): < 4.2.11-150600.3.21.1
- Range: 4.2
References (10)
- github.com/advisories/GHSA-8j24-cjrq-gr2m (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-32873 (GHSA, advisory)
- www.openwall.com/lists/oss-security/2025/05/07/1 (GHSA, web)
- docs.djangoproject.com/en/dev/releases/security (GHSA, web)
- github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0 (GHSA, web)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml (GHSA, web)
- groups.google.com/g/django-announce (GHSA, web)
- www.djangoproject.com/weblog/2025/may/07/security-releases (GHSA, web)
- docs.djangoproject.com/en/dev/releases/security/ (MITRE)
- www.djangoproject.com/weblog/2025/may/07/security-releases/ (MITRE)