Alpine: Django: security update to 1.11.10-r0 (deprecated)

medium Tenable Cloud Security Plugin ID 400744

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The
django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic
backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x).
The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus
vulnerable. (CVE-2018-7536)

- An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If
django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were
extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The chars() and words() methods are used to implement the truncatechars_html and
truncatewords_html template filters, which were thus vulnerable. (CVE-2018-7537)

See Also

https://git.alpinelinux.org/aports/commit/?id=1b6a167de8ce02d69dc8a8c8f4638aefd27c0ebe

https://git.alpinelinux.org/aports/commit/?id=7f0d54bad668ff5111969a5de34d29472bb4a4ec

Plugin Details

Severity: Medium

ID: 400744

Version: Revision 1.25

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7537

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 3/12/2018

Vulnerability Publication Date: 3/6/2018

Reference Information

CVE: CVE-2018-7536, CVE-2018-7537

BID: 103357, 103361