CVE-2007-0405

Published: 23 January 2007

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

Priority

Unknown

Status

Package Release Status
python-django
Launchpad, Ubuntu, Debian
Upstream
Released (0.95.1)