Catastrophic Backtracking in Django URL Handling Affecting Multiple Versions
CVE-2018-7536
5.3 MEDIUM
Summary
A denial-of-service issue exists in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19: the regular expressions used by django.utils.html.urlize() are susceptible to catastrophic backtracking, so crafted inputs can make evaluation take an extremely long time. Because urlize() implements the urlize and urlizetrunc template filters, any application that applies these filters to untrusted text is exposed to this performance degradation.
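The practical first check is whether a deployment's Django pin falls in one of the three affected ranges named above. The following script is an added example, not code from the advisory or from the Django project; the version ranges are the advisory's, while the helper names (parse_version, is_affected, scan_requirements) and the sample requirements lines are my own constructions.

```python
"""Check pinned Django versions against the ranges listed for CVE-2018-7536
(catastrophic backtracking in django.utils.html.urlize()).

Added example, not part of the advisory. Ranges come from the advisory text;
function names and sample input are assumptions made for illustration."""

import re

# Affected release lines -> first fixed version in that line (from the advisory).
AFFECTED = {
    (2, 0): (2, 0, 3),
    (1, 11): (1, 11, 11),
    (1, 8): (1, 8, 19),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '1.11.10', '2.0' or '1.8.19' into a (major, minor, patch) tuple.
    A missing patch component counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Django version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True if the version is in an affected release line and older than the
    fix release for that line. Release lines the advisory does not name
    (e.g. 1.10, 2.1) return False: not listed, rather than confirmed safe."""
    version = parse_version(version_text)
    fixed = AFFECTED.get(version[:2])
    if fixed is None:
        return False
    return version < fixed


def scan_requirements(lines):
    """Scan requirements-style lines for exact Django pins and report
    (version, affected) for each. Only '==' pins are evaluated, since other
    specifiers cannot be resolved without an index lookup."""
    pin_re = re.compile(r"^\s*django\s*==\s*([0-9][0-9a-z.]*)", re.IGNORECASE)
    findings = []
    for line in lines:
        m = pin_re.match(line)
        if m:
            findings.append((m.group(1), is_affected(m.group(1))))
    return findings


# Constructed sample requirements file (not from the advisory).
SAMPLE_REQUIREMENTS = """
Django==1.11.10
django==2.0.3
requests==2.18.4
Django==1.8.18
""".strip().splitlines()

if __name__ == "__main__":
    for version, affected in scan_requirements(SAMPLE_REQUIREMENTS):
        status = "AFFECTED - upgrade" if affected else "not in an affected range"
        print(f"Django {version}: {status}")
```

Run it against a real requirements file by replacing SAMPLE_REQUIREMENTS with the file's lines. A version outside the three named lines is reported as not affected only in the sense that the advisory does not list it; the upgrade targets remain 2.0.3, 1.11.11 and 1.8.19 for the lines it does list.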
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved