DEBIAN-CVE-2025-32873

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2025-32873

Downstream

DLA-4210-1 DSA-6136-1

Published: 08 May 2025, 04:17

Last modified:28 Apr 2026, 20:30

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

5.3 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 May 2025, 04:17

Published

Vulnerability first disclosed

28 Apr 2026, 20:30

Last Modified

Vulnerability information updated

Description

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

CVSS Metrics

v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Systems

debian•python-django
all | < 2:2.2.28-1~deb11u7 | < 3:3.2.25-0+deb12u1 | < 3:4.2.21-1 | < 3:4.2.21-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2025-32873