Catastrophic Backtracking in Django URL Handling Affecting Multiple Versions
CVE-2018-7536
5.3 MEDIUM
What is CVE-2018-7536?
Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19 ship a django.utils.html.urlize() function that is extremely slow to evaluate certain inputs because the regular expressions it uses are susceptible to catastrophic backtracking: a crafted string that almost, but never quite, matches forces the regex engine to retry a very large number of ways to split the input before it gives up. urlize() implements the urlize and urlizetrunc template filters, so any template that passes user-controlled text through either filter lets an attacker tie up a worker process with CPU-bound regex evaluation, a denial-of-service condition. Upgrading to 2.0.3, 1.11.11 or 1.8.19 removes the backtracking; until an upgrade is possible, treat the length of untrusted text reaching these filters as something to bound, and do not rely on a request timeout alone, since the regex evaluation does not yield to it.
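The following is an added worked example, not code from Django or from this advisory. It reproduces the failure mode the advisory describes with a constructed regular expression (a stand-in, not the pattern that actually shipped in django.utils.html), shows a linear-time pattern that accepts the same language, and adds a small checker that maps an installed Django version against the fixed releases named above. The attack token and the timing loop are constructed for illustration; only the version table comes from the advisory.

```python
"""Catastrophic backtracking of the kind CVE-2018-7536 describes for
Django's urlize(), on a constructed regex, plus an advisory-based
version check. Standard library only; runs offline.

The regexes below are CONSTRUCTED stand-ins, not Django's real patterns:
they reproduce the failure mode (an unbounded quantifier nested inside
another, so a non-matching input can be re-split in exponentially many
ways), not the exact expression that shipped in django.utils.html.
"""
import re
import time

# Constructed vulnerable pattern: (\w+\.?)+ nests an unbounded quantifier
# inside another. A run of N word characters that never reaches '@' can
# be split into 2**(N-1) different group iterations, and the backtracking
# engine tries every one of them before reporting "no match".
VULNERABLE_EMAIL_RE = re.compile(r'^(\w+\.?)+@\w+$')

# Same language, linear time: each character has exactly one way to be
# consumed (a word run, optional ".word" repeats, optional trailing dot).
SAFE_EMAIL_RE = re.compile(r'^\w+(\.\w+)*\.?@\w+$')


def looks_like_email(token, pattern=SAFE_EMAIL_RE):
    """True if `token` matches `pattern` (default: the linear-time one)."""
    return pattern.match(token) is not None


def time_match(pattern, token):
    """Return (matched, seconds) for a single regex evaluation."""
    start = time.perf_counter()
    matched = pattern.match(token) is not None
    return matched, time.perf_counter() - start


def malicious_token(n):
    """Constructed attack input: n word characters and no '@', so the
    match must fail, and the vulnerable pattern fails slowly."""
    return 'a' * n + '!'


# Fixed releases per the advisory: series -> first non-vulnerable version.
FIXED_IN = {(2, 0): (2, 0, 3), (1, 11): (1, 11, 11), (1, 8): (1, 8, 19)}


def parse_version(s):
    """'1.11.10' -> (1, 11, 10). Pre-release suffixes are ignored here."""
    parts = []
    for piece in s.split('.'):
        digits = re.match(r'\d+', piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True if `version` is in an advisory series below its fix, False if
    at or above the fix, None if the series is not covered by this
    advisory (for example 2.1, which was released after the fix)."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


if __name__ == '__main__':
    # Doubling behaviour: each extra character roughly doubles the
    # vulnerable pattern's time while the safe pattern stays flat.
    for n in (10, 14, 18, 22):
        tok = malicious_token(n)
        _, slow = time_match(VULNERABLE_EMAIL_RE, tok)
        _, fast = time_match(SAFE_EMAIL_RE, tok)
        print(f'n={n:2d}  vulnerable={slow:8.4f}s  safe={fast:8.6f}s')
    for ver in ('2.0.2', '2.0.3', '1.11.10', '1.11.11', '1.8.18', '1.8.19', '2.1'):
        print(ver, is_affected(ver))
```

Run it as a script to see the timing table; the vulnerable pattern's cost doubles with every added character while the safe pattern's stays constant, which is the signature to look for when auditing any regex that runs over user input. The practical mitigation on an affected Django version is the same one the safe pattern illustrates: upgrade to a release whose urlize() regexes are linear, and in the meantime cap the length of whitespace-free tokens that untrusted text can carry into the urlize or urlizetrunc filters.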