Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-7536

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Related bugs and status

CVE-2018-7536 (Candidate) is related to these bugs:

Bug #1796941: CVE-2018-7536: Moderate Django Vulnerability in django.utils.html.urlize()

Summary				In	Importance	Status
	1796941	CVE-2018-7536: Moderate Django Vulnerability in django.utils.html.urlize()		StarlingX	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [debian-lts-announce] ...
CONFIRM: https://www.djangoproj...
BID: 103361
UBUNTU: USN-3591-1
DEBIAN: DSA-4161
REDHAT: RHSA-2018:2927
REDHAT: RHSA-2019:0051
REDHAT: RHSA-2019:0082
REDHAT: RHSA-2019:0265
MISC: https://github.com/dja...
MISC: https://github.com/dja...
MISC: https://github.com/dja...