7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.7%
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.
www.securityfocus.com/bid/74960
www.djangoproject.com/weblog/2015/may/20/security-release/