ALT-PU-2019-1035-2 — python-module-django

BDU:2018-01507

MEDIUM5.3

Уязвимость функции django.utils.html.urlize и методов chars и words объектов django.utils.text.Truncator программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2018-12-18Modified: 2024-10-08

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2018-7537

CVE-2018-7536

MEDIUM5.3

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Published: 2018-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2018-7537

MEDIUM5.3

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Published: 2018-03-09Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

GHSA-2f9x-5v75-3qv4

LOW2.7

Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters

Published: 2019-01-04Modified: 2024-11-18

CVSS 3.xLOW 2.7

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0LOW 2.7

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

References

GHSA-r28v-mw67-m5p9

MEDIUM6.9

Django denial-of-service possibility in urlize and urlizetrunc template filters

Published: 2019-01-04Modified: 2024-09-18

CVSS 3.x

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

References

Package update python-module-django in branch sisyphus

Closed issues (5)

Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters

Django denial-of-service possibility in urlize and urlizetrunc template filters

Closed bugs (1)

Сломалась сборка