Performance Impact in Django Framework's Text Processing Functions
CVE-2018-7537
5.3 MEDIUM
What is CVE-2018-7537?
A performance issue has been identified in the Django framework that affects the chars() and words() methods of django.utils.text.Truncator when they are passed the html=True argument. Certain inputs cause significant slowdowns during evaluation because of catastrophic backtracking in a regular expression. The truncatechars_html and truncatewords_html template filters rely on these methods and are therefore vulnerable to the same performance degradation under specific conditions.