Описание
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| edgy | DNE | |
| feisty | not-affected | |
| gutsy | not-affected | |
| upstream | released | 0.95.1 |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 72%
0.00733
Низкий
6.5 Medium
CVSS2
Связанные уязвимости
nvd
почти 19 лет назад
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
debian
почти 19 лет назад
The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...
EPSS
Процентиль: 72%
0.00733
Низкий
6.5 Medium
CVSS2