[3.6] py-django: Multiple vulnerabilitie (CVE-2018-7536, CVE-2018-7537)| ID: oval:org.secpod.oval:def:1800952 | Date: (C)2018-03-30 (M)2023-12-14 |
| Class: PATCH | Family: unix |
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Fixed In Version:¶ Django 2.0.3, Django 1.11.11, Django 1.8.19
| Platform: |
| Alpine Linux 3.6 |
