WEB APPLICATION VULNERABILITIES Standard & Premium

Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14233)

Description

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

Remediation

References

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44944)

WordPress 4.1.x PHP Object Injection (4.1 - 4.1.32)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)

WordPress Plugin Simple Instagram Feed Cross-Site Scripting (1.3)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes SQL Injection (7.6.2)

Severity

High

Classification

CVE-2019-14233 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities