Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-7536

Опубликовано: 09 мар. 2018
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 1.8 (включая) до 1.8.19 (исключая)
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 1.11 (включая) до 1.11.11 (исключая)
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
Версия от 2.0 (включая) до 2.0.3 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01198
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-185

Связанные уязвимости

ubuntu логотип

CVE-2018-7536

CVSS3: 5.3
ubuntu
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

redhat логотип

CVE-2018-7536

CVSS3: 5.3
redhat
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

debian логотип

CVE-2018-7536

CVSS3: 5.3
debian
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...

github логотип

GHSA-r28v-mw67-m5p9

CVSS3: 5.3
github
больше 6 лет назад

Django denial-of-service possibility in urlize and urlizetrunc template filters

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 78%
0.01198
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-185