CVE-2018-7537

09.03.2018, 20:29

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
djangoproject	django	1.8 ≤ 𝑥 < 1.8.19
djangoproject	django	1.11 ≤ 𝑥 < 1.11.11
djangoproject	django	2.0 ≤ 𝑥 < 2.0.3
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-django

bullseye (security)	2:2.2.28-1~deb11u2 fixed
bullseye	2:2.2.28-1~deb11u2 fixed
bookworm	3:3.2.19-1+deb12u1 fixed
bookworm (security)	3:3.2.19-1+deb12u1 fixed
sid	3:4.2.16-1 fixed
trixie	3:4.2.16-1 fixed