CVE-2015-2316

Aliases:GHSA-j3j3-jrfh-cm2wPYSEC-2015-18

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2015-2316 MGASA-2015-0127 SUSE-SU-2015:1109-1 SUSE-SU-2015:1112-1 UBUNTU-CVE-2015-2316 USN-2539-1

Modified

Published: 25 Mar 2015, 14:00

Last modified:06 Aug 2024, 05:10

Vulnerability Summary

Overall Risk (default)

low

20/100

CVSS Score

5 MEDIUM

v2.0 (nvd)

EPSS Score

2.25% LOW

2% probability +0.26%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2015, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 05:10

Last Modified

Vulnerability information updated

Description

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

CVSS Metrics

v4.0•HIGH•Score: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 2.25%• Percentile: 85%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

canonical•ubuntu_linux
10.04 | 12.04 | 14.04 | 14.10
djangoproject•django
1.6 | 1.6:beta1 | 1.6:beta2 | 1.6:beta3 | 1.6:beta4 | 1.6.1 | 1.6.2 | 1.6.3 | 1.6.4 | 1.6.5 | 1.6.6 | 1.6.7 | 1.6.8 | 1.6.9 | 1.6.10 | 1.7:beta1 | 1.7:beta2 | 1.7:beta3 | 1.7:beta4 | 1.7:rc1 | 1.7:rc2 | 1.7:rc3 | 1.7.1 | 1.7.2 | 1.7.3 | 1.7.4 | 1.7.5 | 1.7.6 | 1.8.0
fedoraproject•fedora
22
opensuse•opensuse
13.2
Unknown•Solaris
11.2
PyPI•django
≥ 1.6, < 1.6.11 | ≥ 1.7, < 1.7.7 | ≥ 1.8a1, < 1.8c1 | ≥ 1.8a0, < 1.8c1