CVE-2018-7536

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7536
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7536.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7536
Aliases
Downstream
Related
Published
2018-03-09T20:29:00Z
Modified
2025-09-30T07:10:01.145610Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1ca63a66ef3163149ad822701273e8a1844192c2
Fixed
abf89d729f210c692a50e0ad3f75fb6bec6fae16
Fixed
e157315da3ae7005fa0683ffc9751dbeca7306c8

Affected versions

1.*

1.0
1.1
1.11
1.11.1
1.11.10
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11a1
1.11b1
1.11rc1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2
1.8
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.18
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8a1
1.8b1
1.8b2
1.8c1

2.*

2.0
2.0.1
2.0.2
2.0a1
2.0b1
2.0rc1