Описание
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00556
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
больше 18 лет назад
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
debian
больше 18 лет назад
The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...
EPSS
Процентиль: 67%
0.00556
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other