QwikSec

Security Database

CVE

CWE

Training

CVE-2018-7536

Published: Mar 9, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

vendor-advisory

[debian-lts-announce] 20180308 [SECURITY] [DLA 1303-1] python-django security update

mailing-list

vdb-entry

https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2

https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16

https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.