CVE-2018-7537
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-7537
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Django 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 2.0.3之前2.0版本、1.11.11之前1.11版本和1.8.19之前1.8版本中的正则表达式存在拒绝服务漏洞。攻击者可利用该漏洞造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-7537
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-7537
Please Login to view more intelligence information
- https://www.djangoproject.com/weblog/2018/mar/06/security-releases/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-7537
Same Patch Batch · n/a · 2018-03-09 · 30 CVEs total
| CVE-2016-0274 | IBM Financial Transaction Manager 安全漏洞 | |
| CVE-2018-7582 | WebLog Expert Web Server Enterprise 安全漏洞 | |
| CVE-2018-7581 | WebLog Expert Web Server Enterprise 安全漏洞 | |
| CVE-2018-7290 | Tiki 跨站脚本漏洞 | |
| CVE-2014-6617 | Softing FG-100 PB PROFIBUS 安全漏洞 | |
| CVE-2014-4861 | Thycotic Secret Server Remote Desktop Launcher 安全漏洞 | |
| CVE-2014-2592 | Aruba Web Management portal 安全漏洞 | |
| CVE-2018-8002 | PoDoFo 安全漏洞 | |
| CVE-2018-8001 | PoDoFo 缓冲区错误漏洞 | |
| CVE-2018-8000 | PoDoFo 缓冲区错误漏洞 | |
| CVE-2018-7999 | Graphite2 libgraphite2 安全漏洞 | |
| CVE-2018-7998 | libvips 安全漏洞 | |
| CVE-2016-0286 | IBM Tivoli Business Service Manager 信息泄露漏洞 | |
| CVE-2016-0276 | IBM Financial Transaction Manager 安全漏洞 | |
| CVE-2016-0275 | IBM Financial Transaction Manager 信息泄露漏洞 | |
| CVE-2018-7536 | Django 安全漏洞 | |
| CVE-2016-0272 | IBM Financial Transaction Manager 跨站请求伪造漏洞 | |
| CVE-2016-0268 | IBM Financial Transaction Manager 安全漏洞 | |
| CVE-2016-0253 | IBM Financial Transaction Manager 跨站脚本漏洞 | |
| CVE-2017-17304 | Huawei DP300 输入验证错误漏洞 |
Showing top 20 of 30 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2018-7537
No comments yet