CVE-2019-14233

Source
Severity Medium
Remote Yes
Type Denial of service
Description
Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. strip_tags() now avoids recursive calls to HTMLParser when progress removing tags (but not necessarily incomplete HTML entities) stops being made.
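The stopping rule described above, as an added sketch that is not Django's own code: a strip loop that re-parses only while a pass actually removes a tag. The names strip_tags_guarded, strip_once, _TextOnly, trims_one_char and SAMPLE are hypothetical; trims_one_char is a constructed stand-in for a parser pass that shortens the text without removing any tag.

```python
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Keeps text and entity references, drops tags (hypothetical helper)."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

    def handle_entityref(self, name):
        self.parts.append("&%s;" % name)

    def handle_charref(self, name):
        self.parts.append("&#%s;" % name)

def strip_once(value):
    """One HTMLParser pass over the input."""
    parser = _TextOnly()
    parser.feed(value)
    parser.close()
    return "".join(parser.parts)

def strip_tags_guarded(value, one_pass=strip_once, by_tag_count=True):
    """Return (result, passes). Stops when a pass removes no tag.

    by_tag_count=False keeps only the length check, to show that output
    getting shorter is not proof that tags are still being removed.
    """
    passes = 0
    while "<" in value and ">" in value:
        new_value = one_pass(value)
        passes += 1
        if len(new_value) >= len(value):
            break  # nothing was removed at all
        if by_tag_count and new_value.count("<") == value.count("<"):
            break  # shorter, but no tag went away: stop re-parsing
        value = new_value
    return value, passes

def trims_one_char(value):
    """Constructed stand-in for a pass that shortens the text, removes no tag."""
    return value[:-1] if value.endswith("~") else value

SAMPLE = "<>" + "~" * 200  # constructed placeholder, not real markup
```

With the tag-count check the constructed sample costs one pass; with the length check alone the number of passes grows with the input length.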
Group Package Affected Fixed Severity Status Ticket
AVG-1015 python-django 2.2.3-1 2.2.4-1 Medium Fixed
AVG-1014 python2-django 1.11.22-1 1.11.23-1 Medium Fixed
Date Advisory Group Package Severity Type
05 Aug 2019 ASA-201908-3 AVG-1014 python2-django Medium multiple issues
05 Aug 2019 ASA-201908-2 AVG-1015 python-django Medium multiple issues
References
https://docs.djangoproject.com/en/dev/releases/1.11.23/
https://github.com/django/django/commit/4b78420d250df5e21763633871e486ee76728cc4