Skip to content

Django Improper Access Control

Moderate severity GitHub Reviewed Published May 1, 2022 to the GitHub Advisory Database • Updated May 23, 2024

Package

pip Django (pip)

Affected versions

= 0.95

Patched versions

1.0

Description

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

References

Published by the National Vulnerability Database Jan 23, 2007
Published to the GitHub Advisory Database May 1, 2022
Reviewed May 14, 2024
Last updated May 23, 2024

Severity

Moderate

EPSS score

0.368%
(73rd percentile)

Weaknesses

No CWEs

CVE ID

CVE-2007-0405

GHSA ID

GHSA-mwv2-398h-v489

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.