Description
CVE-2015-5963 - Medium Severity Vulnerability
Vulnerable Library - Django-1.4.1.tar.gz
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
path: /test1111/requirements.txt
Library home page: https://pypi.python.org/packages/e6/3f/f3e67d9c2572765ffe4268fc7f9997ce3b02e78fd144733f337d72dabb12/Django-1.4.1.tar.gz
Dependency Hierarchy:
- ❌ Django-1.4.1.tar.gz (Vulnerable Library)
Found in HEAD commit: ea978d1774903e4022b7273f99c76e52271d67fa
Vulnerability Details
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
Publish Date: 2015-08-24
URL: CVE-2015-5963
Suggested Fix
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1033318
Fix Resolution: The vendor has issued a fix (1.4.22, 1.7.10, 1.8.4).
The vendor's advisory is available at:
https://www.djangoproject.com/weblog/2015/aug/18/security-releases/