CVE-2018-7536 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-7536 Interim 1 25 2023-03-21T01:24:29Z current 2021-05-30T14:11:26Z 2023-03-21T01:24:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-April/003895.html E-Mail link for SUSE-SU-2018:0973-1 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003965.html E-Mail link for SUSE-SU-2018:1102-1 https://lists.suse.com/pipermail/sle-security-updates/2018-June/004225.html E-Mail link for SUSE-SU-2018:1828-1 https://lists.suse.com/pipermail/sle-security-updates/2018-June/004226.html E-Mail link for SUSE-SU-2018:1830-1 https://lists.opensuse.org/opensuse-updates/2018-03/msg00031.html E-Mail link for openSUSE-SU-2018:0651-1 https://lists.opensuse.org/opensuse-updates/2018-03/msg00103.html E-Mail link for openSUSE-SU-2018:0824-1 https://lists.opensuse.org/opensuse-updates/2018-03/msg00105.html E-Mail link for openSUSE-SU-2018:0826-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OGS4NP24275NERRPQV6A6EONV6W3C2SK/ E-Mail link for openSUSE-SU-2023:0077-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE Package Hub 12 SUSE Package Hub 12 SP1 openSUSE Tumbleweed python-Django-1.11.11-8.1 python-Django-1.11.15-2.1 python-Django-1.6.11-5.5.1 python-Django-1.6.11-6.5.1 python-Django-1.8.19-3.4.1 python-Django-1.8.19-3.6.1 python36-Django-3.2.7-2.3 python38-Django-3.2.7-2.3 python39-Django-3.2.7-2.3 python-Django-1.6.11-5.5.1 as a component of SUSE Enterprise Storage 4 python-Django-1.6.11-6.5.1 as a component of SUSE Enterprise Storage 5 python-Django-1.8.19-3.6.1 as a component of SUSE OpenStack Cloud 6 python-Django-1.8.19-3.4.1 as a component of SUSE OpenStack Cloud 7 python-Django-1.11.11-8.1 as a component of SUSE Package Hub 12 python-Django-1.11.15-2.1 as a component of SUSE Package Hub 12 SP1 python36-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python38-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python39-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. CVE-2018-7536 SUSE Enterprise Storage 4:python-Django-1.6.11-5.5.1 SUSE Enterprise Storage 5:python-Django-1.6.11-6.5.1 SUSE OpenStack Cloud 6:python-Django-1.8.19-3.6.1 SUSE OpenStack Cloud 7:python-Django-1.8.19-3.4.1 SUSE Package Hub 12:python-Django-1.11.11-8.1 SUSE Package Hub 12 SP1:python-Django-1.11.15-2.1 openSUSE Tumbleweed:python36-Django-3.2.7-2.3 openSUSE Tumbleweed:python38-Django-3.2.7-2.3 openSUSE Tumbleweed:python39-Django-3.2.7-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L