VDB

CVE-2025-32873

CVE-2025-32873 PUBLISHED

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

EPSS 0.19% · 40.5th percentile

Risk Scores

EPSS Score
0.19%
40.5th percentile

Affected Products

VendorProductVersions
Bitnamidjango4.2.0, 5.1.0, 5.2.0
Bitnamidjango5.2.0, 5.1.0, 4.2.0

Timeline

  • May 7, 2025 CVE Published
  • May 8, 2025 EPSS Score
  • May 10, 2025 Coalition ESS Score
  • May 20, 2025 EPSS Score
  • May 31, 2025 EPSS Score
  • Jun 12, 2025 EPSS Score
  • Jun 18, 2025 Coalition ESS Score
  • Jun 23, 2025 EPSS Score
  • Jun 24, 2025 Coalition ESS Score
  • Jul 5, 2025 EPSS Score
  • Jul 17, 2025 EPSS Score
  • Jul 28, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›