UBUNTU-CVE-2025-32873

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-32873

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-32873.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-32873

Related

Published

2025-05-07T14:00:00Z

Modified

2025-06-19T15:51:22Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of striptags().

References

Affected packages

Ubuntu:Pro:14.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1.6.11-0ubuntu1.3+esm7?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.4-1ubuntu1

1.6-1

1.6.1-1

1.6.1-2

1.6.1-2ubuntu0.1

1.6.1-2ubuntu0.2

1.6.1-2ubuntu0.3

1.6.1-2ubuntu0.4

1.6.1-2ubuntu0.5

1.6.1-2ubuntu0.6

1.6.1-2ubuntu0.8

1.6.1-2ubuntu0.9

1.6.1-2ubuntu0.10

1.6.1-2ubuntu0.11

1.6.1-2ubuntu0.12

1.6.1-2ubuntu0.13

1.6.1-2ubuntu0.14

1.6.1-2ubuntu0.15

1.6.1-2ubuntu0.16

1.6.11-0ubuntu1

1.6.11-0ubuntu1.1

1.6.11-0ubuntu1.2

1.6.11-0ubuntu1.3

1.6.11-0ubuntu1.3+esm1

1.6.11-0ubuntu1.3+esm2

1.6.11-0ubuntu1.3+esm3

1.6.11-0ubuntu1.3+esm4

1.6.11-0ubuntu1.3+esm5

1.6.11-0ubuntu1.3+esm6

1.6.11-0ubuntu1.3+esm7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1.8.7-1ubuntu5.15+esm8?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.9-1ubuntu5

1.8.5-2ubuntu1

1.8.7-1ubuntu1

1.8.7-1ubuntu2

1.8.7-1ubuntu3

1.8.7-1ubuntu4

1.8.7-1ubuntu5

1.8.7-1ubuntu5.1

1.8.7-1ubuntu5.2

1.8.7-1ubuntu5.4

1.8.7-1ubuntu5.5

1.8.7-1ubuntu5.6

1.8.7-1ubuntu5.7

1.8.7-1ubuntu5.8

1.8.7-1ubuntu5.9

1.8.7-1ubuntu5.10

1.8.7-1ubuntu5.11

1.8.7-1ubuntu5.12

1.8.7-1ubuntu5.13

1.8.7-1ubuntu5.14

1.8.7-1ubuntu5.15

1.8.7-1ubuntu5.15+esm1

1.8.7-1ubuntu5.15+esm3

1.8.7-1ubuntu5.15+esm4

1.8.7-1ubuntu5.15+esm5

1.8.7-1ubuntu5.15+esm6

1.8.7-1ubuntu5.15+esm7

1.8.7-1ubuntu5.15+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@1:1.11.11-1ubuntu1.21+esm11?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.11.11-1ubuntu1.21+esm11

Affected versions

1:1.*

1:1.11.4-1ubuntu1

1:1.11.6-1ubuntu1

1:1.11.9-1ubuntu1

1:1.11.11-1ubuntu1

1:1.11.11-1ubuntu1.1

1:1.11.11-1ubuntu1.2

1:1.11.11-1ubuntu1.3

1:1.11.11-1ubuntu1.4

1:1.11.11-1ubuntu1.5

1:1.11.11-1ubuntu1.6

1:1.11.11-1ubuntu1.7

1:1.11.11-1ubuntu1.8

1:1.11.11-1ubuntu1.9

1:1.11.11-1ubuntu1.10

1:1.11.11-1ubuntu1.11

1:1.11.11-1ubuntu1.12

1:1.11.11-1ubuntu1.13

1:1.11.11-1ubuntu1.14

1:1.11.11-1ubuntu1.15

1:1.11.11-1ubuntu1.16

1:1.11.11-1ubuntu1.17

1:1.11.11-1ubuntu1.18

1:1.11.11-1ubuntu1.19

1:1.11.11-1ubuntu1.20

1:1.11.11-1ubuntu1.21

1:1.11.11-1ubuntu1.21+esm1

1:1.11.11-1ubuntu1.21+esm2

1:1.11.11-1ubuntu1.21+esm3

1:1.11.11-1ubuntu1.21+esm4

1:1.11.11-1ubuntu1.21+esm5

1:1.11.11-1ubuntu1.21+esm6

1:1.11.11-1ubuntu1.21+esm7

1:1.11.11-1ubuntu1.21+esm8

1:1.11.11-1ubuntu1.21+esm9

1:1.11.11-1ubuntu1.21+esm10

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python-django",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        },
        {
            "binary_name": "python-django-common",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        },
        {
            "binary_name": "python-django-doc",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "1:1.11.11-1ubuntu1.21+esm11"
        }
    ]
}

Ubuntu:20.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@2:2.2.12-1ubuntu0.29?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.2.12-1ubuntu0.29

Affected versions

1:1.*

1:1.11.22-1ubuntu1

2:2.*

2:2.2.6-1ubuntu1

2:2.2.9-2ubuntu1

2:2.2.10-1

2:2.2.10-1ubuntu1

2:2.2.11-1

2:2.2.12-1

2:2.2.12-1ubuntu0.1

2:2.2.12-1ubuntu0.2

2:2.2.12-1ubuntu0.3

2:2.2.12-1ubuntu0.4

2:2.2.12-1ubuntu0.5

2:2.2.12-1ubuntu0.6

2:2.2.12-1ubuntu0.7

2:2.2.12-1ubuntu0.8

2:2.2.12-1ubuntu0.9

2:2.2.12-1ubuntu0.10

2:2.2.12-1ubuntu0.11

2:2.2.12-1ubuntu0.12

2:2.2.12-1ubuntu0.13

2:2.2.12-1ubuntu0.14

2:2.2.12-1ubuntu0.15

2:2.2.12-1ubuntu0.16

2:2.2.12-1ubuntu0.17

2:2.2.12-1ubuntu0.18

2:2.2.12-1ubuntu0.19

2:2.2.12-1ubuntu0.20

2:2.2.12-1ubuntu0.21

2:2.2.12-1ubuntu0.22

2:2.2.12-1ubuntu0.23

2:2.2.12-1ubuntu0.24

2:2.2.12-1ubuntu0.25

2:2.2.12-1ubuntu0.26

2:2.2.12-1ubuntu0.27

2:2.2.12-1ubuntu0.28

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-django-doc",
            "binary_version": "2:2.2.12-1ubuntu0.29"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "2:2.2.12-1ubuntu0.29"
        }
    ]
}

Ubuntu:22.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@2:3.2.12-2ubuntu1.18?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.2.12-2ubuntu1.18

Affected versions

2:2.*

2:2.2.24-1ubuntu1

2:3.*

2:3.2.12-2

2:3.2.12-2ubuntu1

2:3.2.12-2ubuntu1.1

2:3.2.12-2ubuntu1.2

2:3.2.12-2ubuntu1.3

2:3.2.12-2ubuntu1.4

2:3.2.12-2ubuntu1.5

2:3.2.12-2ubuntu1.6

2:3.2.12-2ubuntu1.7

2:3.2.12-2ubuntu1.8

2:3.2.12-2ubuntu1.9

2:3.2.12-2ubuntu1.10

2:3.2.12-2ubuntu1.11

2:3.2.12-2ubuntu1.12

2:3.2.12-2ubuntu1.13

2:3.2.12-2ubuntu1.14

2:3.2.12-2ubuntu1.15

2:3.2.12-2ubuntu1.16

2:3.2.12-2ubuntu1.17

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-django-doc",
            "binary_version": "2:3.2.12-2ubuntu1.18"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "2:3.2.12-2ubuntu1.18"
        }
    ]
}

Ubuntu:24.10 / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.15-1ubuntu1.4?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.15-1ubuntu1.4

Affected versions

3:4.*

3:4.2.11-1ubuntu1

3:4.2.13-1

3:4.2.14-1

3:4.2.15-1

3:4.2.15-1ubuntu1

3:4.2.15-1ubuntu1.1

3:4.2.15-1ubuntu1.2

3:4.2.15-1ubuntu1.3

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-django-doc",
            "binary_version": "3:4.2.15-1ubuntu1.4"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.15-1ubuntu1.4"
        }
    ]
}

Ubuntu:24.04:LTS / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.11-1ubuntu1.7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.11-1ubuntu1.7

Affected versions

3:4.*

3:4.2.4-1ubuntu2

3:4.2.8-1

3:4.2.9-1

3:4.2.11-1

3:4.2.11-1ubuntu1

3:4.2.11-1ubuntu1.1

3:4.2.11-1ubuntu1.2

3:4.2.11-1ubuntu1.3

3:4.2.11-1ubuntu1.4

3:4.2.11-1ubuntu1.5

3:4.2.11-1ubuntu1.6

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-django-doc",
            "binary_version": "3:4.2.11-1ubuntu1.7"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.11-1ubuntu1.7"
        }
    ]
}

Ubuntu:25.04 / python-django

Package

Name: python-django
Purl: pkg:deb/ubuntu/python-django@3:4.2.18-1ubuntu1.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3:4.2.18-1ubuntu1.1

Affected versions

3:4.*

3:4.2.15-1ubuntu1

3:4.2.17-2

3:4.2.18-1

3:4.2.18-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-django-doc",
            "binary_version": "3:4.2.18-1ubuntu1.1"
        },
        {
            "binary_name": "python3-django",
            "binary_version": "3:4.2.18-1ubuntu1.1"
        }
    ]
}