mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 10:59:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.

Browse source 
Thanks to Guido Vranken for initial report.
This commit is contained in:
Florian Apolloner 2019-07-15 11:46:09 +02:00 committed by Carlton Gibson
parent eea0bf7bd5
commit 7f65974f82
6 changed files with 67 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
docs/releases/1.11.23.txt
View file

@ -5,3 +5,17 @@ Django 1.11.23 release notes
*August 1, 2019*
Django 1.11.23 fixes security issues in 1.11.22.
CVE-2019-14232: Denial-of-service possibility in ``django.utils.text.Truncator``
================================================================================
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods
were passed the ``html=True`` argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to implement the
:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
filters, which were thus vulnerable.
The regular expressions used by ``Truncator`` have been simplified in order to
avoid potential backtracking issues. As a consequence, trailing punctuation may
now at times be included in the truncated output.

14
docs/releases/2.1.11.txt
View file

@ -5,3 +5,17 @@ Django 2.1.11 release notes
*August 1, 2019*
Django 2.1.11 fixes security issues in 2.1.10.
CVE-2019-14232: Denial-of-service possibility in ``django.utils.text.Truncator``
================================================================================
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods
were passed the ``html=True`` argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to implement the
:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
filters, which were thus vulnerable.
The regular expressions used by ``Truncator`` have been simplified in order to
avoid potential backtracking issues. As a consequence, trailing punctuation may
now at times be included in the truncated output.

14
docs/releases/2.2.4.txt
View file

@ -6,6 +6,20 @@ Django 2.2.4 release notes
Django 2.2.4 fixes security issues and several bugs in 2.2.3.
CVE-2019-14232: Denial-of-service possibility in ``django.utils.text.Truncator``
================================================================================
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods
were passed the ``html=True`` argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to implement the
:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
filters, which were thus vulnerable.
The regular expressions used by ``Truncator`` have been simplified in order to
avoid potential backtracking issues. As a consequence, trailing punctuation may
now at times be included in the truncated output.
Bugfixes
========