Description

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

Remediation

References

CVE-2015-2316

Related Vulnerabilities

PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4792)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

WordPress Plugin Universal Star Rating Unspecified Vulnerability (1.10.3)

WordPress Plugin Free Live Chat Support Cross-Site Request Forgery (1.0.11)

Severity

Medium

Classification

CVE-2015-2316

Tags

Missing Update Known Vulnerabilities