An issue exists in Django 2.0 prior to 2.0.3, 1.11 prior to 1.11.11, and 1.8 prior to 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
Vulnerable Product |
---|
canonical ubuntu linux 16.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 17.10 |
djangoproject django |
debian debian linux 8.0 |
debian debian linux 7.0 |
debian debian linux 9.0 |
redhat openstack 10 |
redhat openstack 13 |
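
The following is an added example, not part of the advisory or of Django's own code: a version check against the affected ranges stated in the description. The function names and status strings are assumptions made for this example, and the `check-vendor-advisory` branch assumes that distribution packages, such as those in the product table, may carry a backported fix under an older upstream version number.

```python
import re

# Fixed release per affected series, taken from the advisory text above.
FIXED_IN = {(2, 0): (2, 0, 3), (1, 11): (1, 11, 11), (1, 8): (1, 8, 19)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
_PRE_RE = re.compile(r"^\.?(a|b|rc|dev)\d*")


def parse_version(text):
    """Split '1.11.10', '2.0rc1' or '1.8.7-1ubuntu5' into (release, suffix)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def urlize_status(version_text):
    """Classify a Django version against the ranges stated in the advisory."""
    release, suffix = parse_version(version_text)
    fixed = FIXED_IN.get(release[:2])
    if fixed is None:
        # The advisory names only 2.0, 1.11 and 1.8; say so instead of "safe".
        return "series-not-listed"
    prerelease = bool(_PRE_RE.match(suffix))
    if release > fixed or (release == fixed and not prerelease):
        return "fixed"
    if suffix.startswith(("-", "+")):
        # Distribution builds can carry a backported patch under an old
        # upstream number, so the number alone cannot settle it.
        return "check-vendor-advisory"
    return "affected"


if __name__ == "__main__":
    try:
        import django
        print(django.get_version(), urlize_status(django.get_version()))
    except ImportError:
        print("Django is not installed in this environment")
```

Run as a script inside the application's virtual environment, it reports the status of the installed Django; for a package version string from a distribution, pass the string to `urlize_status()` directly.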