Session Hijacking Affecting django package, versions [,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.39% (74th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-DJANGO-40261
- published 14 May 2014
- disclosed 14 May 2014
- credit David Greisen
Introduced: 14 May 2014
CVE-2014-0482 Open this link in a new tabOverview
django
is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Affected versions of this package are vulnerable to Session Hijacking. The RemoteUserMiddleware
when using the contrib.auth.backends.RemoteUserBackend
backend, allows remote authenticated users to hijack web sessions via the REMOTE_USER
header as logout/login actions are not checked.