CVE-2007-0405

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/01/2007
Last modified:
09/04/2025

Description

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*