VDB
CVE-2025-32873
CVE-2025-32873
PUBLISHED
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
EPSS 0.19% · 40.5th percentile
Risk Scores
EPSS Score
0.19%
40.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 4.2.0, 5.1.0, 5.2.0 |
| Bitnami | django | 5.2.0, 5.1.0, 4.2.0 |
Timeline
- May 7, 2025 CVE Published
- May 8, 2025 EPSS Score
- May 10, 2025 Coalition ESS Score
- May 20, 2025 EPSS Score
- May 31, 2025 EPSS Score
- Jun 12, 2025 EPSS Score
- Jun 18, 2025 Coalition ESS Score
- Jun 23, 2025 EPSS Score
- Jun 24, 2025 Coalition ESS Score
- Jul 5, 2025 EPSS Score
- Jul 17, 2025 EPSS Score
- Jul 28, 2025 EPSS Score