CVE-2015-3982

2015-06-02T10:59:10
ID CVE-2015-3982
Type cve
Reporter NVD
Modified 2016-12-05T22:01:43

Description

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.