VYPR
Medium severity5.3NVD Advisory· Published Mar 9, 2018· Updated Jun 17, 2026

CVE-2018-7537

CVE-2018-7537

Description

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 2.0, < 2.0.32.0.3
DjangoPyPI
>= 1.11, < 1.11.111.11.11
DjangoPyPI
>= 1.8, < 1.8.191.8.19

Affected products

10

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.