Jiangniao

#32276 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-9682
7.8
2024-11-28
Django · Django · CVE-2024-53907
**Name of the Vulnerable Software and Affected Versions**

- Django versions 4.2 through 4.2.16
- Django versions 5.0 through 5.0.9
- Django versions 5.1 through 5.1.3

**Description**

The issue affects the `strip_tags()` method and the `striptags` template filter in Django, which are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. A remote attacker could cause a denial of service by sending specially crafted HTML entities. The underlying weakness is unlimited resource allocation caused by incorrect HTML character escaping.

**Recommendations**

- For Django versions 4.2 through 4.2.16, update to version 4.2.17 or later.
- For Django versions 5.0 through 5.0.9, update to version 5.0.10 or later.
- For Django versions 5.1 through 5.1.3, update to version 5.1.4 or later.

As a temporary workaround, consider disabling the `strip_tags()` function and the `striptags` template filter until a patch is available.