The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-06-02T14:00:00
Updated: 2024-08-06T06:04:02.239Z
Reserved: 2015-05-13T00:00:00
Link: CVE-2015-3982
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-06-02T14:59:10.987
Modified: 2024-11-21T02:30:12.190
Link: CVE-2015-3982
Redhat