[3.4] py-django: Multiple vulnerabilities (CVE-2018-7536, CVE-2018-7537)
ID: oval:org.secpod.oval:def:1800938 | Date: (C)2018-03-30 (M)2023-12-14 |
Class: PATCH | Family: unix |
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters

The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The urlize function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Fixed In Version: Django 2.0.3, Django 1.11.11, Django 1.8.19
Platform: |
Alpine Linux 3.4 |