CVE-2018-7537

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-7537
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7537.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7537
Aliases
Downstream
Related
Published
2018-03-09T20:29:00.660Z
Modified
2026-05-08T12:20:29.276409Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatecharshtml and truncatewordshtml template filters, which were thus vulnerable.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "17.10"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
6a0dc2176f4ebf907e124d433411e52bba39a28e
Fixed
c686dd8e6bb3817bcf04b8f13c025b4d3c3dc6dc
Introduced
c669cf279ae7b3e02a61db4fb077030a4db80e4f
Fixed
1cc5aceac0a73468a6d1a671b9c86423e5bcf011
Introduced
8c85c8692240e5ae4b568eb4272475fe1fa4b059
Fixed
2d73ffc6f96e399716a1ed3f58acd4e99afa3d33
Database specific 
{
    "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "1.8"
        },
        {
            "fixed": "1.8.19"
        },
        {
            "introduced": "1.11"
        },
        {
            "fixed": "1.11.11"
        },
        {
            "introduced": "2.0"
        },
        {
            "fixed": "2.0.3"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7537.json"