PT-2018-18141 · Django

James Davis · Published 2018-03-06 · Updated 2026-01-03

CVE-2018-7536

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django 2.0 through 2.0.2
Django 1.11 through 1.11.10
Django 1.8 through 1.8.18
Description

django.utils.html.urlize() was extremely slow to evaluate certain inputs because two of the regular expressions it uses were susceptible to catastrophic backtracking. A crafted string passed through urlize() could therefore keep a worker busy for a very long time (a denial of service). urlize() implements the urlize and urlizetrunc template filters, so any template that applied those filters to user-controlled text was vulnerable as well.
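The following is an added illustration of the failure mode described above, not code from Django or from this advisory. The two patterns are constructed for the example and are not the expressions from django.utils.html: EVIL_RE nests one quantifier inside another, so a string of letters that never reaches the required ".com" makes the engine try every way of dividing the letters between the inner and outer repetitions before failing, while SAFE_RE accepts exactly the same strings with one unambiguous quantifier. The growth_factor() check is the test a practitioner would run against a suspect regex: time a failing match at two input lengths and see whether the cost stays flat or explodes.

```python
import re
import timeit

# Constructed patterns for illustration only; NOT the expressions from
# django.utils.html. EVIL_RE backtracks through roughly 2**n splittings of
# n letters when the match fails; SAFE_RE rejects the same input in one pass.
EVIL_RE = re.compile(r'^([a-z]+)+\.com$')
SAFE_RE = re.compile(r'^[a-z]+\.com$')


def attack_input(n):
    """n letters followed by a character that can never complete the match."""
    return 'a' * n + '!'


def match_seconds(pattern, text, number=5, repeat=3):
    """Best-of-`repeat` wall time for `number` calls to pattern.match(text)."""
    return min(timeit.repeat(lambda: pattern.match(text),
                             number=number, repeat=repeat))


def growth_factor(pattern, n_small=9, n_large=17):
    """How much slower a failing match gets when the input grows by 8 letters.

    A linear-time pattern stays close to 1; a pattern with catastrophic
    backtracking climbs towards 2**8 = 256 for this pair of lengths.
    """
    slow = match_seconds(pattern, attack_input(n_large))
    fast = match_seconds(pattern, attack_input(n_small))
    return slow / fast


def accepts_same_language(samples=('abc.com', 'a.com', 'abc.org',
                                   '.com', 'abc.comx')):
    """Sanity check that the safe rewrite matches exactly what EVIL_RE does."""
    return all(bool(EVIL_RE.match(s)) == bool(SAFE_RE.match(s))
               for s in samples)


if __name__ == '__main__':
    print('same language:', accepts_same_language())
    print('evil growth factor: %.1f' % growth_factor(EVIL_RE))
    print('safe growth factor: %.1f' % growth_factor(SAFE_RE))
```

The same measurement applies to any regex fed untrusted text: pick an input that fails as late as possible, double or triple its length a few times, and watch the ratio. Rewriting the pattern so that each character can be consumed in only one way, or capping the length of the text a regex is allowed to see, removes the backtracking rather than merely slowing the attacker down.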
Recommendations

Django 2.0 through 2.0.2: update to 2.0.3 or later.
Django 1.11 through 1.11.10: update to 1.11.11 or later.
Django 1.8 through 1.8.18: update to 1.8.19 or later.
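As an added example (not part of the advisory, and not Django's own tooling), the check below encodes the three affected ranges and first fixed releases listed above and reports whether a given Django release string falls inside one of them. The version parser is an assumption made for the example: it reads the leading digits of each dotted component and treats a pre-release such as "2.0rc1" like the numbered release it precedes.

```python
import re

# Inclusive affected ranges and the first fixed release of each series,
# taken from the recommendations in this advisory.
AFFECTED_RANGES = (
    ((2, 0, 0), (2, 0, 2), '2.0.3'),
    ((1, 11, 0), (1, 11, 10), '1.11.11'),
    ((1, 8, 0), (1, 8, 18), '1.8.19'),
)


def parse_version(version):
    """Turn a Django release string ('2.0', '1.11.10') into a 3-tuple.

    Assumed parsing rule for this example: keep the leading digits of each
    dotted component, stop at the first component without digits (so
    '2.0rc1' -> (2, 0, 0)), and pad missing components with 0.
    """
    parts = []
    for piece in version.split('.'):
        m = re.match(r'\d+', piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError('not a version string: %r' % (version,))
    parts.extend([0] * (3 - len(parts)))
    return tuple(parts[:3])


def assess(version):
    """Return (is_vulnerable, upgrade_to) for a Django release string.

    A version outside every listed range (for example 1.9.x or 1.10.x,
    which were unsupported when the fix shipped) is reported as not
    covered by this advisory; that is not the same as a statement that
    it is safe.
    """
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return True, fixed
    return False, None


def check_installed():
    """Assess the Django importable from this interpreter, if any."""
    try:
        import django
    except ImportError:
        return None
    installed = django.get_version()
    return installed, assess(installed)


if __name__ == '__main__':
    for v in ('1.8.18', '1.11.10', '2.0.2', '2.0.3', '1.10.8'):
        print(v, assess(v))
    print('installed:', check_installed())
```

Run it on a host to see whether the interpreter's Django is in an affected range; for a fleet, feed it the version strings collected from each deployment's requirements or `pip freeze` output.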

Related Identifiers

CVE-2018-7536
DLA-1303-1
DSA-4161-1
GHSA-R28V-MW67-M5P9
MGASA-2018-0166
OPENSUSE-SU-2018:0651-1
OPENSUSE-SU-2023:0077-1
OPENSUSE-SU-2024:11205-1
OPENSUSE-SU-2024:13887-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2018-5
RHSA-2018:2927
RHSA-2019:0051
RHSA-2019:0082
RHSA-2019:0265
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
SUSE-SU-2018:1828-1
SUSE-SU-2018:1830-1
USN-3591-1

Affected Products

Django
Ubuntu