Performance Impact in Django Framework's Text Processing Functions
CVE-2018-7537

5.3MEDIUM

Key Information:

Vendor
Canonical
Vendor
CVE Published:
9 March 2018

Summary

A performance issue has been identified in the Django framework that affects the chars() and words() methods within the django.utils.text.Truncator when the html=True argument is used. This flaw can lead to significant slowdowns during evaluation of certain inputs, as it involves catastrophic backtracking in a regular expression. These methods are integral to the truncatechars_html and truncatewords_html template filters, thus rendering them vulnerable to performance degradation under specific conditions.

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.