Bug 1549779 (CVE-2018-7537) - CVE-2018-7537 django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
Summary: CVE-2018-7537 django: Catastrophic backtracking in regular expressions via 't...
Alias: CVE-2018-7537
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1549907 1549908 1552177 1552178 1552179 1552306 1554696 1557457 1557458 1557459
Blocks: 1549781
TreeView+ depends on / blocked
Reported: 2018-02-27 20:07 UTC by Pedro Sampaio
Modified: 2021-02-17 00:44 UTC (History)
35 users (show)

Fixed In Version: Django 2.0.3, Django 1.11.11, Django 1.8.19
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-06-08 03:41:46 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2927 0 None None None 2018-10-16 15:21:30 UTC
Red Hat Product Errata RHSA-2019:0265 0 None None None 2019-02-04 07:43:42 UTC

Description Pedro Sampaio 2018-02-27 20:07:42 UTC
CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html``
and ``truncatewords_html`` template filters

If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods
were passed the ``html=True`` argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to
implement the ``truncatechars_html`` and ``truncatewords_html`` template
filters, which were thus vulnerable.

The backtracking problem in the regular expression is fixed.

Comment 5 Adam Mariš 2018-03-06 16:14:24 UTC

Name: the Django project

Comment 6 Adam Mariš 2018-03-06 16:14:42 UTC
External References:


Comment 7 Adam Mariš 2018-03-06 16:17:25 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1552178]
Affects: epel-7 [bug 1552179]

Created python-django16 tracking bugs for this issue:

Affects: epel-7 [bug 1552177]

Comment 11 Andrej Nemec 2018-05-14 15:22:33 UTC

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 12 errata-xmlrpc 2018-10-16 15:20:58 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.4 for RHEL 7

Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927

Comment 13 errata-xmlrpc 2019-02-04 07:43:40 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265

Note You need to log in before you can comment on or make changes to this bug.