PYSEC-2018-5

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2018-5.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-5
Aliases
Published
2018-03-09T20:29:00Z
Modified
2023-11-08T04:00:22.813615Z
Summary
[none]
Details

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.8
Fixed
1.8.19
Introduced
1.11
Fixed
1.11.11
Introduced
2.0
Fixed
2.0.3

Affected versions

1.*

1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.18
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11.10

2.*

2.0
2.0.1
2.0.2