CVE-2015-5143: Django Denial-of-service by filling session store
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. In the affected versions, accessing request.session when the request carried a session key with no matching record made the built-in backends create a new, empty record immediately, so an attacker could fill the session store (or, with a cache backend, cause other users' session records to be evicted) simply by sending repeated requests with unknown session keys. The fixed releases (1.4.21, 1.7.9 and 1.8.3) discard the unknown key and create a record only when the session is actually modified and saved; the unsupported 1.5.x and 1.6.x series received no fix.
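The following toy session backend is an added illustration and is not Django's code; it models only the shape of the built-in backends' load()/save() path so the pre-fix and post-fix behaviour can be compared side by side. The store, the `SessionStore` class, the `handle_request` and `simulate_attack` helpers and the attacker-chosen cookie values are all constructed here for the example.

```python
"""Toy model of CVE-2015-5143: an added example, not Django's own code.

Pre-fix: load() with a client-supplied key the store does not know persisted
an empty record at once, one per request.  Post-fix: the unknown key is
discarded and a record is created only when the session is modified and saved.
"""
import secrets


class SessionStore:
    """In-memory stand-in for a Django session backend (hypothetical)."""

    def __init__(self, backend_records, session_key=None, create_on_unknown=False):
        self._records = backend_records            # shared dict: key -> session data
        self._session_key = session_key            # value taken from the client cookie
        self._create_on_unknown = create_on_unknown  # True reproduces the pre-fix behaviour
        self._session_cache = None
        self.modified = False

    # Accessing the session loads it lazily, as request.session does.
    def __getitem__(self, key):
        return self._session()[key]

    def __setitem__(self, key, value):
        self._session()[key] = value
        self.modified = True

    def _session(self):
        if self._session_cache is None:
            self._session_cache = self.load()
        return self._session_cache

    def load(self):
        if self._session_key in self._records:
            return dict(self._records[self._session_key])
        # The client presented a key the store has never issued.
        if self._create_on_unknown:
            # Pre-fix: create() minted a fresh key and persisted an empty record
            # immediately, so every such request costs one stored row.
            self.create()
        else:
            # Post-fix: forget the client-supplied key; a record only appears if
            # save() later runs because the session was modified.
            self._session_key = None
        return {}

    def create(self):
        self._session_key = secrets.token_hex(16)
        self._records[self._session_key] = {}

    def save(self):
        if self._session_key is None:
            self._session_key = secrets.token_hex(16)
        self._records[self._session_key] = dict(self._session_cache or {})

    @property
    def session_key(self):
        return self._session_key


def handle_request(records, cookie_key, create_on_unknown, write=False):
    """One request through a SessionMiddleware-like flow: the session is read
    (as a view or middleware would), and saved only if it was modified."""
    session = SessionStore(records, cookie_key, create_on_unknown)
    session._session()
    if write:
        session["visited"] = True
    if session.modified:
        session.save()
    return session.session_key


def simulate_attack(n_requests, create_on_unknown):
    """Send n requests, each with a never-issued session cookie, and return the
    number of records the backend holds afterwards."""
    records = {}
    for _ in range(n_requests):
        bogus_cookie = secrets.token_hex(16)   # attacker-chosen, constructed here
        handle_request(records, bogus_cookie, create_on_unknown)
    return len(records)


if __name__ == "__main__":
    print("pre-fix  :", simulate_attack(1000, create_on_unknown=True), "records")
    print("post-fix :", simulate_attack(1000, create_on_unknown=False), "records")
```

Run stand-alone, the pre-fix model stores one record per request while the post-fix model stores none; a request that actually writes to the session still gets a record, under a server-minted key rather than the one the client supplied. The same unbounded growth would apply to any store that allocates on lookup of a client-controlled identifier, which is the general pattern worth checking for in custom backends.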
References
- github.com/advisories/GHSA-h582-2pch-3xv3
- github.com/django/django
- github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
- github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
- github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
- nvd.nist.gov/vuln/detail/CVE-2015-5143
- security.gentoo.org/glsa/201510-06
- www.djangoproject.com/weblog/2015/jul/08/security-releases