5.3
CVE-2018-7536
- EPSS 1.2%
- Published 09.03.2018 20:29:00
- Last modified 21.11.2024 04:12:19
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
Djangoproject ≫ Django Version >= 1.8 < 1.8.19
Djangoproject ≫ Django Version >= 1.11 < 1.11.11
Djangoproject ≫ Django Version >= 2.0 < 2.0.3
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.78 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-185 Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.