Published: 09/03/2018 Updated: 07/12/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in Django 2.0 prior to 2.0.3, 1.11 prior to 1.11.11, and 1.8 prior to 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
djangoproject django
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0
redhat openstack 10
redhat openstack 13

Several security issues were fixed in Django ...

Debian Bug report logs - #918230 python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, ...

Synopsis Moderate: python-django security update Type/Severity Security Advisory: Moderate Topic An update for python-django is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...

Synopsis Moderate: Red Hat Gluster Storage Web Administration security update Type/Severity Security Advisory: Moderate Topic Updated packages are now available for Red Hat Gluster Storage 34 Web Administration Batch Update 3 on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...

Synopsis Moderate: python-django security update Type/Severity Security Advisory: Moderate Topic An update for python-django is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...

Synopsis Important: Satellite 64 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...

An issue was discovered in Django 20 before 203, 111 before 11111, and 18 before 1819 The djangoutilshtmlurlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 18x) The urlize() function is used to implement t ...

The djangoutilshtmlurlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable The problematic regular expressions are replaced with parsing logic tha ...

CWE-185 https://www.djangoproject.com/weblog/2018/mar/06/security-releases/https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html http://www.securityfocus.com/bid/103361 https://usn.ubuntu.com/3591-1/https://www.debian.org/security/2018/dsa-4161 https://access.redhat.com/errata/RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2019:0082 https://access.redhat.com/errata/RHSA-2019:0051 https://access.redhat.com/errata/RHSA-2019:0265 https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2 https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16 https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8 https://usn.ubuntu.com/3591-1/https://nvd.nist.gov

CVE-2018-7536

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect