PT-2018-18141 · Django+1

James Davis · Published 2018-03-06 · Updated 2026-01-03 · CVE-2018-7536

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 2.0 through 2.0.2
Django versions 1.11 through 1.11.10
Django versions 1.8 through 1.8.18

Description

An issue was discovered in the django.utils.html.urlize() function, which was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Recommendations

For Django versions 2.0 through 2.0.2, update to version 2.0.3 or later.
For Django versions 1.11 through 1.11.10, update to version 1.11.11 or later.
For Django versions 1.8 through 1.8.18, update to version 1.8.19 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2018-7536
DLA-1303-1
DSA-4161-1
GHSA-R28V-MW67-M5P9
MGASA-2018-0166
OPENSUSE-SU-2018:0651-1
OPENSUSE-SU-2023:0077-1
OPENSUSE-SU-2024:11205-1
OPENSUSE-SU-2024:13887-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2018-5
RHSA-2018:2927
RHSA-2019:0051
RHSA-2019:0082
RHSA-2019:0265
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
SUSE-SU-2018:1828-1
SUSE-SU-2018:1830-1
USN-3591-1

Affected Products

Django
Ubuntu