{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-53907", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-31T18:03:11.347Z", "dateReserved": "2024-11-24T00:00:00", "datePublished": "2024-12-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-06T11:42:27.713462"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"url": "https://groups.google.com/g/django-announce"}, {"url": "https://www.openwall.com/lists/oss-security/2024/12/04/3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "affected": [{"vendor": "djangoproject", "product": "django", "cpes": ["cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.1", "status": "affected", "lessThan": "5.1.4", "versionType": "custom"}, {"version": "5.0", "status": "affected", "lessThan": "5.0.10", "versionType": "custom"}, {"version": "4.2", "status": "affected", "lessThan": "4.2.17", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-06T16:22:53.268908Z", "id": "CVE-2024-53907", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T16:25:24.421Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-31T18:03:11.347Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-31T18:03:11.347Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-06T16:22:53.268908Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"], "vendor": "djangoproject", "product": "django", "versions": [{"status": "affected", "version": "5.1", "lessThan": "5.1.4", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.0.10", "versionType": "custom"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.17", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T16:24:56.477Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"url": "https://groups.google.com/g/django-announce"}, {"url": "https://www.openwall.com/lists/oss-security/2024/12/04/3"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-06T11:42:27.713462"}}}, "cveMetadata": {"cveId": "CVE-2024-53907", "state": "PUBLISHED", "dateUpdated": "2024-12-31T18:03:11.347Z", "dateReserved": "2024-11-24T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-12-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "43AD4E98-EF36-4D24-9F42-3235DFBCFF75", "versionEndExcluding": "4.2.17", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EAB5D22-7E1E-45E7-A577-95051DC91E5E", "versionEndExcluding": "5.0.10", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "1231C967-2BD2-4263-B892-500964ED3C12", "versionEndExcluding": "5.1.4", "versionStartIncluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Django 5.1 anterior a 5.1.4, 5.0 anterior a 5.0.10 y 4.2 anterior a 4.2.17. El m\u00e9todo strip_tags() y el filtro de plantilla striptags est\u00e1n sujetos a un posible ataque de denegaci\u00f3n de servicio a trav\u00e9s de ciertas entradas que contienen secuencias grandes de entidades HTML incompletas anidadas."}], "id": "CVE-2024-53907", "lastModified": "2025-06-24T14:55:06.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-06T12:15:17.730", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://groups.google.com/g/django-announce"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-cloud-billing-rhel8:0.3.0-51", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-cloud-billing-rhel8-operator:1.0.4-50", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-cloud-metrics-collector-rhel8:1.0.2-138", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-cloud-ui-rhel8:1.0.5-98", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-cloud-ui-rhel8-operator:1.0.4-132", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/aap-must-gather-rhel8:0.0.1-504", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ansible-builder-rhel8:3.0.1-109", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ansible-python-base-rhel8:1.0.0-681", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ansible-python-toolkit-rhel8:1.0.0-641", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/controller-rhel8:4.5.15-2", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/controller-rhel8-operator:2.4-165", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/de-minimal-rhel8:1.0.7-53", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/de-supported-rhel8:1.0.7-63", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/eda-controller-rhel8:1.0.7-30", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/eda-controller-rhel8-operator:2.4-165", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/eda-controller-ui-rhel8:1.0.7-29", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ee-29-rhel8:1.0.0-432", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ee-cloud-services-rhel8:1.0.0-290", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ee-minimal-rhel8:1.0.0-789", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/ee-supported-rhel8:1.0.0-859", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/hub-rhel8:4.9.2-34", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/hub-rhel8-operator:2.4-164", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/hub-web-rhel8:4.9.2-32", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/lightspeed-rhel8:2.4.241210-1", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/lightspeed-rhel8-operator:2.4-31", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/platform-resource-rhel8-operator:2.4-157", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/platform-resource-runner-rhel8:2.4-198", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform/cloud-addons-operator-bundle:2.4-855", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform/ee-containerized-installer-rhel8:1.3.3-44", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform/platform-operator-bundle:2.4-2215", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/ansible-builder-rhel9:3.0.1-110", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/ansible-python-base-rhel9:1.0.0-682", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/ansible-python-toolkit-rhel9:1.0.0-642", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/de-minimal-rhel9:1.0.7-54", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/de-supported-rhel9:1.0.7-62", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/ee-minimal-rhel9:1.0.0-788", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11144", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-automation-platform-24/ee-supported-rhel9:1.0.0-860", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-cloud-billing-rhel8:0.3.0-54", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-cloud-billing-rhel8-operator:1.0.4-53", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8:1.0.2-139", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-cloud-ui-rhel8:1.0.5-100", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-cloud-ui-rhel8-operator:1.0.4-135", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/aap-must-gather-rhel8:0.0.1-507", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ansible-builder-rhel8:3.1.0-196", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ansible-dev-tools-rhel8:24.9.0-23", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ansible-python-base-rhel8:1.0.0-687", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ansible-python-toolkit-rhel8:1.0.0-646", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/controller-rhel8:4.6.3-22", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/controller-rhel8-operator:2.5-142", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/de-minimal-rhel8:1.1.2-7", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/de-supported-rhel8:1.1.2-6", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/eda-controller-rhel8:1.1.3-9", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/eda-controller-rhel8-operator:2.5-141", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/eda-controller-ui-rhel8:1.1.3-2", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ee-minimal-rhel8:1.0.0-791", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ee-supported-rhel8:1.0.0-862", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/gateway-proxy-rhel8:2.5.0-35", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/gateway-rhel8:2.5.20241218-3", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/gateway-rhel8-operator:2.5-172", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/hub-rhel8:4.10.1-17", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/hub-rhel8-operator:2.5-144", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/hub-web-rhel8:4.10.1-14", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-rhel8:2.5.241210-2", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-rhel8-operator:2.5-102", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/platform-resource-rhel8-operator:2.5-96", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/platform-resource-runner-rhel8:2.5-126", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/receptor-rhel8:1.5.1-6", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform/cloud-addons-operator-bundle:2.5-514", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform/platform-operator-bundle:2.5-990", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2025:0340", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "automation-controller-0:4.6.6-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "python3.11-django-0:4.2.18-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "package": "python3.11-django-0:4.2.18-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ansible-builder-rhel9:3.1.0-197", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ansible-python-base-rhel9:1.0.0-688", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ansible-python-toolkit-rhel9:1.0.0-645", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/de-minimal-rhel9:1.1.2-6", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/de-supported-rhel9:1.1.2-5", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ee-cloud-services-rhel9:1.0.0-291", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ee-minimal-rhel9:1.0.0-790", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11146", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ee-supported-rhel9:1.0.0-861", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2025:0340", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "automation-controller-0:4.6.6-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "python3.11-django-0:4.2.18-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0777", "cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "package": "python3.11-django-0:4.2.18-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-01-28T00:00:00Z"}], "bugzilla": {"description": "django: Potential denial-of-service in django.utils.html.strip_tags()", "id": "2329288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329288"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-1169", "details": ["An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "A vulnerability was found in the Django Web Framework. The strip_tags() and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-53907", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2024-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53907\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53907\nhttps://www.djangoproject.com/weblog/2024/dec/04/security-releases/"], "statement": "This vulnerability is rated as a Moderate severity because it exposes the strip_tags() method and striptags template filter to a potential denial-of-service attack, malicious input containing large sequences of nested incomplete HTML entities could cause excessive processing, but it does not affect data confidentiality or integrity", "threat_severity": "Moderate"}