The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
[2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
by
Leland the Mouse 2019-07-15 10:00:06 UTC
commit e34f3c0e9ee5fc9022428fe91640638bafd4cda7
Django
Fix
Super Slow Tag Stripping CVE-2019-14233
django/utils/html.py
+2
-2
docs/releases/1.11.23.txt
-17
docs/releases/2.1.11.txt
-17
docs/releases/2.2.4.txt
-17
tests/utils_tests/test_html.py
-2
expand_less
The Vulnerability History Project