CVE-2018-7536

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

History

07 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16 -
  • () https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8 -
  • () https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2 -

04 Aug 2021, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

Information

Published : 2018-03-09 20:29

Updated : 2023-12-10 12:30


NVD link : CVE-2018-7536

Mitre link : CVE-2018-7536

CVE.ORG link : CVE-2018-7536


JSON object : View

Products Affected

debian

  • debian_linux

djangoproject

  • django

redhat

  • openstack

canonical

  • ubuntu_linux
CWE
CWE-185

Incorrect Regular Expression