5.3

CVE-2018-7536

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
DjangoprojectDjango Version >= 1.8 < 1.8.19
DjangoprojectDjango Version >= 1.11 < 1.11.11
DjangoprojectDjango Version >= 2.0 < 2.0.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatOpenstack Version10
RedhatOpenstack Version13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.77% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-185 Incorrect Regular Expression

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

https://access.redhat.com/errata/RHSA-2018:2927
Third Party Advisory
http://www.securityfocus.com/bid/103361
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0051
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0082
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0265
Third Party Advisory
https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3591-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4161
Third Party Advisory
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
Vendor Advisory
Release Notes