PYSEC-2015-19

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2015-19.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2015-19
Aliases
Published
2015-06-02T14:59:00Z
Modified
2024-05-07T15:11:30.346191Z
Summary
[none]
Details

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.8
Fixed
1.8.2

Affected versions

1.*
1.8
1.8.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2015-19.yaml"