Session Hijacking Affecting django package, versions [,1.4.14) [1.5,1.5.9) [1.6,1.6.6)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.39% (74^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-DJANGO-40261
published 14 May 2014
disclosed 14 May 2014
credit David Greisen

Report a new vulnerability Found a mistake?

Introduced: 14 May 2014

CVE-2014-0482 Open this link in a new tab CWE-287 Open this link in a new tab

Overview

django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Session Hijacking. The RemoteUserMiddleware when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via the REMOTE_USER header as logout/login actions are not checked.

Session Hijacking Affecting django package, versions [,1.4.14) [1.5,1.5.9) [1.6,1.6.6)

Snyk CVSS

Threat Intelligence

Introduced: 14 May 2014

Overview

References