CVE-2007-0405

2007-01-23T00:28:00
ID CVE-2007-0405
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:30:00

Description

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.