Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-7537

Published: 09/03/2018 Updated: 28/02/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ubuntu Linux

Vulnerability Summary

An issue exists in Django 2.0 prior to 2.0.3, 1.11 prior to 1.11.11, and 1.8 prior to 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 17.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

djangoproject django

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Ubuntu Security Notice: python-django vulnerabilities
Several security issues were fixed in Django ...
Red Hat: Moderate: Red Hat Gluster Storage Web Administration security update
Synopsis Moderate: Red Hat Gluster Storage Web Administration security update Type/Severity Security Advisory: Moderate Topic Updated packages are now available for Red Hat Gluster Storage 34 Web Administration Batch Update 3 on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Red Hat: Important: Satellite 6.4 security, bug fix, and enhancement update
Synopsis Important: Satellite 64 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: CVE-2018-7537
An issue was discovered in Django 20 before 203, 111 before 11111, and 18 before 1819 If djangoutilstextTruncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression The chars() and words() methods ...
Arch Linux Issues:
If djangoutilstextTruncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which w ...

References

CWE-185https://www.djangoproject.com/weblog/2018/mar/06/security-releases/https://lists.debian.org/debian-lts-announce/2018/03/msg00006.htmlhttp://www.securityfocus.com/bid/103357https://usn.ubuntu.com/3591-1/https://www.debian.org/security/2018/dsa-4161https://access.redhat.com/errata/RHSA-2018:2927https://access.redhat.com/errata/RHSA-2019:0265https://usn.ubuntu.com/3591-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook