CVE-2018-7537 (retired)

Priority
Description
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11,
and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words()
methods were passed the html=True argument, they were extremely slow to
evaluate certain inputs due to a catastrophic backtracking vulnerability in
a regular expression. The chars() and words() methods are used to implement
the truncatechars_html and truncatewords_html template filters, which were
thus vulnerable.
Assigned-to
mdeslaur
Package
Upstream:released (1.8.19,1.11.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.11-0ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.7-1ubuntu5.6)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:1.11.11-1ubuntu1)
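The upstream ranges in the description and the Ubuntu versions listed above do not compare directly: Ubuntu backports the fix rather than rebasing, so Xenial's 1.8.7-1ubuntu5.6 is fixed even though its upstream version 1.8.7 is below 1.8.19, Bionic's fixed version carries an epoch (1:) that a naive string comparison ignores, and Trusty's 1.6 series is not named in the description at all. The Python below is an added example, not part of this tracker entry or of Django: it encodes the description's affected ranges for checking a `django.get_version()` string, and reimplements dpkg's version ordering so the page's fixed package versions can be checked offline. It assumes the source package is python-django (the Package heading above has lost its name) and that the release-codename keys are this example's own.

```python
import re

# Affected upstream series from the description: each is vulnerable below its fixed release.
AFFECTED_UPSTREAM = {
    (2, 0): (2, 0, 3),
    (1, 11): (1, 11, 11),
    (1, 8): (1, 8, 19),
}

# Fixed Ubuntu versions listed on this page. Assumption: the (elided) source
# package is python-django; the codename keys are this example's own.
UBUNTU_FIXED = {
    "trusty": "1.6.11-0ubuntu1.2",
    "xenial": "1.8.7-1ubuntu5.6",
    "bionic": "1:1.11.11-1ubuntu1",
}


def upstream_affected(version: str) -> bool:
    """True if a Django version string (e.g. django.get_version()) falls in one of the
    description's affected ranges. Series not named there (1.6, 1.9, 1.10, ...) return
    False, which only means the description says nothing about them."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Django version: {version!r}")
    parts = tuple(int(p) for p in m.groups(default="0"))  # "2.0rc1" -> (2, 0, 0)
    fixed = AFFECTED_UPSTREAM.get(parts[:2])
    return fixed is not None and parts < fixed


def _order(c: str) -> int:
    # dpkg's weighting for non-digit characters: '~' sorts before everything,
    # including the end of the string (so 1.0~rc1 < 1.0); letters before other symbols.
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    # Port of dpkg's verrevcmp(): alternately compare non-digit runs lexically
    # (by _order) and digit runs numerically, until one string is exhausted.
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        while (ia < len(a) and not a[ia].isdigit()) or (ib < len(b) and not b[ib].isdigit()):
            ac = _order(a[ia]) if ia < len(a) and not a[ia].isdigit() else 0
            bc = _order(b[ib]) if ib < len(b) and not b[ib].isdigit() else 0
            if ac != bc:
                return ac - bc
            ia += 1
            ib += 1
        while ia < len(a) and a[ia] == "0":  # leading zeros are insignificant
            ia += 1
        while ib < len(b) and b[ib] == "0":
            ib += 1
        first_diff = 0
        while ia < len(a) and ib < len(b) and a[ia].isdigit() and b[ib].isdigit():
            if not first_diff:
                first_diff = ord(a[ia]) - ord(b[ib])
            ia += 1
            ib += 1
        if ia < len(a) and a[ia].isdigit():  # longer digit run wins (5.10 > 5.6)
            return 1
        if ib < len(b) and b[ib].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision compares as "0".
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """Order two Debian package versions like `dpkg --compare-versions`: <0, 0 or >0."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (c > 0) - (c < 0)


def ubuntu_fixed(release: str, installed: str) -> bool:
    """True if the installed python-django version on the given Ubuntu release is at or
    above the fixed version listed on this page."""
    return dpkg_compare(installed, UBUNTU_FIXED[release]) >= 0


if __name__ == "__main__":
    # Xenial ships a backport: the upstream rule alone would flag it, dpkg ordering clears it.
    print(upstream_affected("1.8.7"), ubuntu_fixed("xenial", "1.8.7-1ubuntu5.6"))
```

On the host itself the same comparison is `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' python-django)" ge 1.8.7-1ubuntu5.6`; the Python port is for checking inventories offline, and the epoch case (`1.11.11-1ubuntu1` is older than `1:1.11.11-1ubuntu1`) is the one that bites when versions are copied out of the tracker without the `1:` prefix.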
More Information

Updated: 2019-03-26 12:27:47 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)