CVE-2025-32873

{"id": "CVE-2025-32873", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-08T04:17:18.157", "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://groups.google.com/g/django-announce", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "https://www.djangoproject.com/weblog/2025/may/07/security-releases/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/05/07/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags()."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Django 4.2 (anterior a 4.2.21), 5.1 (anterior a 5.1.9) y 5.2 (anterior a 5.2.1). La funci\u00f3n django.utils.html.strip_tags() es vulnerable a una posible denegaci\u00f3n de servicio (rendimiento lento) al procesar entradas que contienen grandes secuencias de etiquetas HTML incompletas. El filtro de plantilla striptags tambi\u00e9n es vulnerable, ya que est\u00e1 basado en strip_tags()."}], "lastModified": "2025-06-17T19:44:20.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101C65E4-566E-4B85-9C4B-7ED32B0713BD", "versionEndExcluding": "4.2.21", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87163B0-95FF-4F8F-9D6A-24DBE914CE93", "versionEndExcluding": "5.1.9", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:djangoproject:django:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2D6B37-4BCA-4431-8A03-6BDC7B2BD42D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}