CVE-2015-2316

Name: CVE-2015-2316
Creator: NVD / NIST
Published: 2015-03-25T14:59:02.94+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.00%

Last modified Jun 17, 2026

CVE-2015-2316 is a vulnerability of currently unknown severity. The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.. EPSS estimates a 5.00% chance of exploitation in the next 30 days.

Description

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

Metrics

EPSS Probability

5.00%

91.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions	Update
Oracle	Solaris	11.2	—
Djangoproject	Django	1.6	—
Djangoproject	Django	1.6.1	—
Djangoproject	Django	1.6.2	—
Djangoproject	Django	1.6.3	—
Djangoproject	Django	1.6.4	—
Djangoproject	Django	1.6.5	—
Djangoproject	Django	1.6.6	—
Djangoproject	Django	1.6.7	—
Djangoproject	Django	1.6.8	—
Djangoproject	Django	1.6.9	—
Djangoproject	Django	1.6.10	—
Djangoproject	Django	1.7	Beta1
Djangoproject	Django	1.7.1	—
Djangoproject	Django	1.7.2	—
Djangoproject	Django	1.7.3	—
Djangoproject	Django	1.7.4	—
Djangoproject	Django	1.7.5	—
Djangoproject	Django	1.7.6	—
Djangoproject	Django	1.8.0	—
Canonical	Ubuntu Linux	10.04	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	14.10	—
Fedoraproject	Fedora	22	—
Opensuse	Opensuse	13.2	—

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
http://www.securityfocus.com/bid/73322
http://www.ubuntu.com/usn/USN-2539-1Third Party Advisory
https://www.djangoproject.com/weblog/2015/mar/18/security-releases/Patch, Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
http://www.securityfocus.com/bid/73322
http://www.ubuntu.com/usn/USN-2539-1Third Party Advisory
https://www.djangoproject.com/weblog/2015/mar/18/security-releases/Patch, Vendor Advisory

Timeline

Published: Mar 25, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-2316?

How severe is CVE-2015-2316?

Severity scoring for CVE-2015-2316 is pending analysis. The EPSS model estimates a 5.00% probability of exploitation in the next 30 days.

How do I fix CVE-2015-2316?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2316?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST