GHSA-wpjr-j57x-wxfw

Source
https://github.com/advisories/GHSA-wpjr-j57x-wxfw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-wpjr-j57x-wxfw/GHSA-wpjr-j57x-wxfw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wpjr-j57x-wxfw
Aliases
Published
2020-06-05T16:20:44Z
Modified
2024-02-18T05:27:12.416093Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Data leakage via cache key collision in Django
Details

An issue was discovered in Django versions 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision and potential data leakage.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.13

Affected versions

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.12
2.0.13
2.1a1
2.1b1
2.1rc1
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.2a1
2.2b1
2.2rc1
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.7

Affected versions

3.*

3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6