Detections
Analytics
Python Library Django 4.2.x < 4.2.21 / 5.1.x < 5.1.9 / 5.2.x < 5.2.1 DoS
medium Nessus Plugin ID 235780
Synopsis
A Python library installed on the remote Windows host is affected by a denial of service vulnerability.Description
The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.21 or 5.1.x prior to 5.1.9 or 5.2.x prior to 5.2.1.It is, therefore, affected by a denial of service vulnerability as disclosed in Django's May 7th 2025 security advisory. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Django version 4.2.21 ,5.1.9, 5.2.1 or later.See Also
https://www.djangoproject.com/weblog/2025/may/07/security-releases/
Plugin Details
Severity: Medium
ID: 235780
File Name: python_django_5_2_1.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 5/13/2025
Updated: 5/13/2025
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2025-32873
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Information
CPE: cpe:/a:djangoproject:django
Required KB Items: SMB/Registry/Enumerated, Host/win/Python/Packages/Enumerated
Patch Publication Date: 5/7/2025
Vulnerability Publication Date: 5/7/2025
Reference Information
CVE: CVE-2025-32873
IAVA: 2025-A-0317