CVE-2018-7536

django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Se ha descubierto un problema en Django, en versiones 2.0 anteriores a la 2.0.3; versiones 1.11 anteriores a la 1.11.11 y versiones 1.8 anteriores a la 1.8.19. La función django.utils.html.urlize() fue extremadamente lenta a la hora de evaluar ciertas entradas debido a vulnerabilidades catastróficas de búsqueda hacia atrás en dos expresiones regulares (solo una en el caso de las versiones 1.8.x de Django). La función urlize() se emplea para implementar las plantillas de filtro urlize y urlizetrunc que, por lo tanto, eran vulnerables.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-26 CVE Reserved
2018-03-06 CVE Published
2024-05-04 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-185: Incorrect Regular Expression
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (14)

URL	Tag	Source
http://www.securityfocus.com/bid/103361	Third Party Advisory
https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:2927	2023-12-07
https://access.redhat.com/errata/RHSA-2019:0051	2023-12-07
https://access.redhat.com/errata/RHSA-2019:0082	2023-12-07
https://access.redhat.com/errata/RHSA-2019:0265	2023-12-07
https://usn.ubuntu.com/3591-1	2023-12-07
https://www.debian.org/security/2018/dsa-4161	2023-12-07
https://www.djangoproject.com/weblog/2018/mar/06/security-releases	2023-12-07
https://access.redhat.com/security/cve/CVE-2018-7536	2019-02-04
https://bugzilla.redhat.com/show_bug.cgi?id=1549777	2019-02-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"		-		Affected
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 1.8 < 1.8.19 Search vendor "Djangoproject" for product "Django" and version " >= 1.8 < 1.8.19"		-		Affected
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 1.11 < 1.11.11 Search vendor "Djangoproject" for product "Django" and version " >= 1.11 < 1.11.11"		-		Affected
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 2.0 < 2.0.3 Search vendor "Djangoproject" for product "Django" and version " >= 2.0 < 2.0.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				10 Search vendor "Redhat" for product "Openstack" and version "10"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				13 Search vendor "Redhat" for product "Openstack" and version "13"		-		Affected