Catastrophic Backtracking in Django URL Handling Affecting Multiple Versions
CVE-2018-7536

5.3MEDIUM

Key Information:

Vendor: Canonical
Status: Ubuntu Linux
Vendor: CVE Published:; 9 March 2018

What is CVE-2018-7536?

A performance issue arises in Django versions 2.0 (prior to 2.0.3), 1.11 (prior to 1.11.11), and 1.8 (prior to 1.8.19) due to catastrophic backtracking vulnerabilities in the django.utils.html.urlize() function. This vulnerability affects the evaluation speed of certain inputs, leveraging ineffective regular expressions. The urlize() function is integral for implementing the urlize and urlizetrunc template filters, thus exposing applications using these filters to potential performance degradation.