Session Manipulation Affecting django package, versions [,1.2.7) [1.3,1.3.1)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
1.84% (89th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-DJANGO-40079
- published 11 Sep 2011
- disclosed 11 Sep 2011
- credit Paul McMillan
Introduced: 11 Sep 2011
CVE-2011-4136 Open this link in a new tabOverview
django
is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Affected versions of this package are vulnerable to Session Manipulation. It stored session data in the cache using the root namespace for both session identifiers and application-data keys. This allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.