Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-7536
HistoryMar 06, 2018 - 12:00 a.m.

CVE-2018-7536

2018-03-0600:00:00
ubuntu.com
ubuntu.com
7

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.4%

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11,
and 1.8 before 1.8.19. The django.utils.html.urlize() function was
extremely slow to evaluate certain inputs due to catastrophic backtracking
vulnerabilities in two regular expressions (only one regular expression for
Django 1.8.x). The urlize() function is used to implement the urlize and
urlizetrunc template filters, which were thus vulnerable.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchpython-django< 1.6.11-0ubuntu1.2UNKNOWN
ubuntu16.04noarchpython-django< 1.8.7-1ubuntu5.6UNKNOWN
ubuntu17.10noarchpython-django< 1:1.11.4-1ubuntu1.2UNKNOWN

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.4%

Related for UB:CVE-2018-7536