Lucene search
PRIOn knowledge basePRION:CVE-2018-7537HistoryMar 09, 2018 - 8:29 p.m.
Design/Logic Flaw
2018-03-0920:29:00
PRIOn knowledge base
www.prio-n.com
7
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 17.10 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 7.0 | |
| debian_linux | eq | 9.0 | |
| django | ge | 1.8 | |
| django | lt | 1.8.19 | |
| django | ge | 1.11 | |
| django | lt | 1.11.11 |
Related
osv
osv
PYSEC-2018-6
2018-03-09 20:29:00
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
2019-01-04 17:50:00
CVE-2018-7537
2018-03-09 20:29:00
ubuntucve
ubuntucve
CVE-2018-7537
2018-03-06 00:00:00
debiancve
debiancve
CVE-2018-7537
2018-03-09 20:29:00
redhatcve
redhatcve
CVE-2018-7537
2018-03-06 16:19:07
alpinelinux
alpinelinux
CVE-2018-7537
2018-03-09 20:29:00
github
github
cvelist
cvelist
CVE-2018-7537
2018-03-09 20:00:00
cve
cve
CVE-2018-7537
2018-03-09 20:29:00
nvd
nvd
CVE-2018-7537
2018-03-09 20:29:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-03-07 08:38:59
nessus
nessus
Fedora 27 : python-django (2018-bd1147f152)
2018-03-16 00:00:00
Debian DSA-4161-1 : python-django - security update
2018-04-02 00:00:00
Fedora 28 : python-django (2018-cce0e0bd04)
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: python2-django1.11-1.11.11-1.fc28
2018-03-30 13:32:27
[SECURITY] Fedora 27 Update: python-django-1.11.11-1.fc27
2018-03-15 15:29:27
[SECURITY] Fedora 28 Update: python-django-2.0.3-1.fc28
2018-03-30 13:28:29
openvas
openvas
Ubuntu: Security Advisory (USN-3591-1)
2018-03-14 00:00:00
Debian: Security Advisory (DLA-1303-1)
2018-03-26 00:00:00
Mageia: Security Advisory (MGASA-2018-0166)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1303-1] python-django security update
2018-03-08 07:55:39
[SECURITY] [DSA 4161-1] python-django security update
2018-04-01 13:16:40
[SECURITY] [DSA 4161-1] python-django security update
2018-04-01 13:16:40
archlinux
archlinux
[ASA-201803-6] python2-django: denial of service
2018-03-06 00:00:00
[ASA-201803-5] python-django: denial of service
2018-03-06 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2018-03-06 00:00:00
mageia
mageia
Updated python-django packages fix security vulnerabilities
2018-03-14 19:21:20
redhat
redhat
altlinux
altlinux