vulnerability

Debian: CVE-2024-53907: python-django -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Dec 6, 2024

Added

Jan 3, 2025

Modified

Mar 30, 2026

Description

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

Solution

debian-upgrade-python-django

References

CVE-2024-53907
https://attackerkb.com/topics/CVE-2024-53907
CWE-770
DEBIAN-DLA-4006-1
EUVD-EUVD-2024-0048
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-0048

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report