Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-7536

Опубликовано: 06 мар. 2018
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Отчет

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.3python-djangoAffected
Red Hat Ceph Storage 2python-djangoAffected
Red Hat Ceph Storage 3python-djangoAffected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)python-djangoWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)python-djangoWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Toolspython-djangoWill not fix
Red Hat OpenStack Platform 11 (Ocata)python-djangoWill not fix
Red Hat OpenStack Platform 12 (Pike)python-djangoAffected
Red Hat OpenStack Platform 8 (Liberty)python-djangoWill not fix
Red Hat OpenStack Platform 8 (Liberty) Operational Toolspython-djangoWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1549777django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

EPSS

Процентиль: 78%
0.01198
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-7536

CVSS3: 5.3
ubuntu
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

nvd логотип

CVE-2018-7536

CVSS3: 5.3
nvd
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

debian логотип

CVE-2018-7536

CVSS3: 5.3
debian
больше 7 лет назад

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...

github логотип

GHSA-r28v-mw67-m5p9

CVSS3: 5.3
github
больше 6 лет назад

Django denial-of-service possibility in urlize and urlizetrunc template filters

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 78%
0.01198
Низкий

5.3 Medium

CVSS3

Уязвимость CVE-2018-7536