Lucene search
K

6 matches found

OSV
OSV
added 2026/05/08 8:41 a.m.7 views

BIT-DJANGO-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00358EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/06 1:45 a.m.13 views

SUSE CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.7AI score0.00358EPSS
Exploits0References6
OSV
OSV
added 2026/05/05 6:33 p.m.4 views

GHSA-5HRC-GVXJ-W55P Django Uses Cache Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.7AI score0.00358EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/05 2:50 p.m.7 views

CVE-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.7AI score0.00358EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:50 p.m.4 views

CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary head...

5.3CVSS7AI score0.00358EPSS
Exploits0References3
Rows per page
Query Builder