CVE-2015-3982

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. (CVSS:5.0) (Last Update:2015-06-03)

Leave a Reply