Lucene search

GoogleOSV:GHSA-X88J-93VC-WPMP

HistoryJul 23, 2018 - 7:52 p.m.

Moderate severity vulnerability that affects django

2018-07-2319:52:39

Google

osv.dev

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session’s identifier.

CPENameOperatorVersion
djangoeq1.2.1
djangoeq1.2.2
djangoeq1.2.6
djangoeq1.2.3
djangoeq1.3
djangoeq1.2
djangoeq1.2.5
djangoeq1.2.4

Name	Operator	Version
django	eq	1.2.1
django	eq	1.2.2
django	eq	1.2.6
django	eq	1.2.3
django	eq	1.3
django	eq	1.2
django	eq	1.2.5
django	eq	1.2.4

References

openwall.com/lists/oss-security/2011/09/11/1

openwall.com/lists/oss-security/2011/09/13/2

secunia.com/advisories/46614

www.debian.org/security/2011/dsa-2332

bugzilla.redhat.com/show_bug.cgi?id=737366

github.com/advisories/GHSA-x88j-93vc-wpmp

github.com/django/django

hermes.opensuse.org/messages/14700881

nvd.nist.gov/vuln/detail/CVE-2011-4136

www.djangoproject.com/weblog/2011/sep/09

www.djangoproject.com/weblog/2011/sep/10/127

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for OSV:GHSA-X88J-93VC-WPMP