GHSA-pgxh-wfw4-jx2v

Source

https://github.com/advisories/GHSA-pgxh-wfw4-jx2v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pgxh-wfw4-jx2v/GHSA-pgxh-wfw4-jx2v.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-pgxh-wfw4-jx2v

Aliases

Published

2022-05-17T00:36:02Z

Modified

2025-02-18T06:03:34.010780Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Django denial of service via empty session record creation

Details

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

Database specific

{
    "github_reviewed_at": "2023-08-03T20:01:52Z",
    "cwe_ids": [
        "CWE-770"
    ],
    "nvd_published_at": "2015-08-24T14:59:00Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.8

Fixed

1.8.4

Affected versions

1.*

1.8

1.8.1

1.8.2

1.8.3

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.7

Fixed

1.7.10

Affected versions

1.*

1.7

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.4

Fixed

1.4.22

Affected versions

1.*

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.17

1.4.18

1.4.19

1.4.20

1.4.21