CVE-2011-4136

Priority
Description
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when
session data is stored in the cache, uses the root namespace for both
session identifiers and application-data keys, which allows remote
attackers to modify a session by triggering use of a key that is equal to
that session's identifier.
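Added example, not taken from the advisory or from Django's own code: a minimal model of the shared-namespace problem described above, shown beside the namespaced form that removes it. The dict-backed cache, the names SessionStore and app_cache_set, the sample session identifier and the prefix "sessions.cache:" are all assumptions made for illustration.

```python
# Constructed model: a plain dict stands in for the shared cache backend.
class SessionStore:
    """Cache-backed session store; `prefix` namespaces the session keys."""

    def __init__(self, cache, prefix=""):
        self.cache = cache
        self.prefix = prefix  # "" models the affected root-namespace behaviour

    def _cache_key(self, session_id):
        return self.prefix + session_id

    def save(self, session_id, data):
        self.cache[self._cache_key(session_id)] = dict(data)

    def load(self, session_id):
        return self.cache.get(self._cache_key(session_id), {})


def app_cache_set(cache, key, value):
    """Application code caching its own data under a caller-influenced key."""
    cache[key] = value


def session_survives_collision(prefix):
    """True if session data is unchanged after the application caches a
    value under a key equal to the session identifier."""
    cache = {}
    store = SessionStore(cache, prefix)
    session_id = "constructed-session-id-0001"  # constructed sample value
    original = {"user_id": 42, "cart": ["sku-1"]}
    store.save(session_id, original)
    # Application-data write whose key equals the session identifier.
    app_cache_set(cache, session_id, {"fragment": "cached page data"})
    return store.load(session_id) == original


if __name__ == "__main__":
    # Root namespace: session and application keys share one key space.
    print("root namespace, session intact:", session_survives_collision(""))
    # Hypothetical prefix: session keys live in their own namespace.
    print("namespaced, session intact:",
          session_survives_collision("sessions.cache:"))
```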
Assigned-to
jdstrand
More Information

Updated: 2019-03-19 12:01:32 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)