Improper Input Validation Affecting python-django package, versions <1.3.1-1


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

    Threat Intelligence

    EPSS 1.84% (88th percentile)
Expand this section
NVD
5.4 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN11-PYTHONDJANGO-520317
  • published 19 Oct 2011
  • disclosed 19 Oct 2011

How to fix?

Upgrade Debian:11 python-django to version 1.3.1-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-django package and not the python-django package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.