{"id":"PYSEC-2015-18","details":"The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.","aliases":["CVE-2015-2316","GHSA-j3j3-jrfh-cm2w"],"modified":"2024-04-29T11:41:44.998564Z","published":"2015-03-25T14:59:00Z","references":[{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2539-1"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2015/mar/18/security-releases/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/73322"}],"affected":[{"package":{"name":"django","ecosystem":"PyPI","purl":"pkg:pypi/django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.6"},{"fixed":"1.6.11"},{"introduced":"1.7"},{"fixed":"1.7.7"},{"introduced":"1.8a0"},{"fixed":"1.8c1"}]}],"versions":["1.6","1.6.1","1.6.10","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.8a1","1.8b1","1.8b2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2015-18.yaml"}}],"schema_version":"1.7.3"}