CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-48432 – Ubuntu Security Notice USN-7555-1
https://notcve.org/view.php?id=CVE-2025-48432
05 Jun 2025 — An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. Se descubrió un problema en Django 5.2 (anterior a la 5.2.2), 5.1 (anterior a la 5.1.10) y 4.2 (anterior a la 4.2.22). El registro interno de respuestas HTTP no e... • https://docs.djangoproject.com/en/dev/releases/security • CWE-117: Improper Output Neutralization for Logs •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2025-32873 – Ubuntu Security Notice USN-7501-2
https://notcve.org/view.php?id=CVE-2025-32873
08 May 2025 — An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. • https://github.com/Apollo-R3bot/django-vulnerability-CVE-2025-32873 • CWE-770: Allocation of Resources Without Limits or Throttling •