Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-django@1.8.19-1?arch=el7ost

Type rpm

Namespace redhat

Name python-django

Version 1.8.19-1

Qualifiers

arch	el7ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-mv1p-yxvp-pbh6

vulnerability_id

VCID-mv1p-yxvp-pbh6

summary

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2927

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2927

reference_url

https://access.redhat.com/errata/RHSA-2019:0051

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0051

reference_url

https://access.redhat.com/errata/RHSA-2019:0082

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0082

reference_url

https://access.redhat.com/errata/RHSA-2019:0265

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0265

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7536

reference_id

reference_type

scores

value	0.01372
scoring_system	epss
scoring_elements	0.80188
published_at	2026-04-07T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80199
published_at	2026-04-04T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80179
published_at	2026-04-02T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80216
published_at	2026-04-08T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80226
published_at	2026-04-09T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80244
published_at	2026-04-11T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.8023
published_at	2026-04-12T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80224
published_at	2026-04-13T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80252
published_at	2026-04-16T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80254
published_at	2026-04-18T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80257
published_at	2026-04-21T12:55:00Z

value	0.01372
scoring_system	epss
scoring_elements	0.80172
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537

reference_url

https://github.com/advisories/GHSA-r28v-mw67-m5p9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-r28v-mw67-m5p9

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2

reference_url

https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16

reference_url

https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html

reference_url

https://usn.ubuntu.com/3591-1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3591-1

reference_url	https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3591-1/

reference_url

https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361

reference_url

https://www.debian.org/security/2018/dsa-4161

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4161

reference_url

https://www.djangoproject.com/weblog/2018/mar/06/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2018/mar/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

reference_url	http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103361

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1549777
reference_id	1549777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1549777

reference_url	https://security.archlinux.org/ASA-201803-5
reference_id	ASA-201803-5
reference_type
scores
url	https://security.archlinux.org/ASA-201803-5

reference_url

https://security.archlinux.org/AVG-649

reference_id

AVG-649

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-649

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7536

reference_id

CVE-2018-7536

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7536

fixed_packages

aliases

CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-django@1.8.19-1%3Farch=el7ost

Package Instance