CVE-2007-0405 – django
Package
Manager: pip
Name: django
Vulnerable Version: =0.95 || >=0.95 <1.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00602 (percentile 0.68552)
Details
Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
Metadata
Created: 2022-05-01T17:44:04Z
Modified: 2025-04-09T14:34:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwv2-398h-v489/GHSA-mwv2-398h-v489.json
CWE IDs: []
Alternative ID: GHSA-mwv2-398h-v489
Finding: F039
Auto approve: 1