5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
88.6%
Previously, a session could be created when anonymously accessing the
django.contrib.auth.views.logout view (provided it wasn’t decorated with
django.contrib.auth.decorators.login_required as done in the admin).
This could allow an attacker to easily create many new session records
by sending repeated requests, potentially filling up the session store
or causing other users’ session records to be evicted.
The django.contrib.sessions.middleware.SessionMiddleware has been
modified to no longer create empty session records.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | python-django | < 1.8.4-1 | UNKNOWN |
any | any | any | python2-django | < 1.8.4-1 | UNKNOWN |