Is CVE-2018-7536 actively exploited?

CVE-2018-7536 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-7536?

CVE-2018-7536 has a CVSS score of 5.3 (MEDIUM severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

How do I patch CVE-2018-7536?

Patch guidance is available from canonical security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-7536.

CVE-2018-7536 - remediation guidance & executive summary

Q: Which products are affected by CVE-2018-7536?

11 products: canonical ubuntu linux, canonical ubuntu linux, canonical ubuntu linux, djangoproject django, djangoproject django, and 6 more.

Description

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
Weaknesses: CWE-185

Metadata

Primary Vendor: CANONICAL
Published: 3/9/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

canonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxdjangoproject : djangodjangoproject : djangodjangoproject : djangodebian : debian_linuxdebian : debian_linuxdebian : debian_linuxredhat : openstackredhat : openstack

Remediation Guidance

Executive Summary

Cite this page

CVE-2018-7536. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2018-7536

View on NIST NVD

CVE-2018-7536 vulnerability