Package | python-django |
---|---|
Version | 1.7.11-1+deb8u20 (jessie) |
Related CVEs | CVE-2025-32873 CVE-2024-24680 CVE-2023-36053 |
A number of vulnerabilities were discovered in Django, a popular Python-based web development framework:
- CVE-2025-32873: Prevent an issue where the `strip_tags()` function in `django.utils.html` was vulnerable to a potential denial-of-service (DoS) attack when processing inputs containing large sequences of incomplete HTML tags. The template filter `|striptags` was similarly vulnerable, as it is built on top of `strip_tags()`.
- CVE-2024-24680: Prevent an issue where the `|intcomma` template filter was subject to a potential denial-of-service attack when used with very long input strings.
- CVE-2023-36053: Prevent a potential denial-of-service issue in the `EmailValidator` and `URLValidator` classes that could have been exploited via a very large number of domain name labels containing emails and/or URLs.
For Debian 8 jessie, these problems have been fixed in version 1.7.11-1+deb8u20.
We recommend that you upgrade your python-django packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.