Performance Impact in Django Framework's Text Processing Functions
CVE-2018-7537
5.3MEDIUM
Summary
A performance issue has been identified in the Django framework that affects the chars() and words() methods within the django.utils.text.Truncator when the html=True argument is used. This flaw can lead to significant slowdowns during evaluation of certain inputs, as it involves catastrophic backtracking in a regular expression. These methods are integral to the truncatechars_html and truncatewords_html template filters, thus rendering them vulnerable to performance degradation under specific conditions.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved