Ubuntu Security Update USN-8232-1: Django vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. (CVE-2026-35192) Kyle Agronick and Jacob Walls discovered that Django incorrectly handled ASGI requests with missing or understated Content-Length header values. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. (CVE-2026-5766) Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly cached requests where the Vary header contained an asterisk. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6907)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8154-1: Django vulnerabilities
Replies
0
Views
123
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8154-2: Django vulnerabilities
Replies
0
Views
162
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8009-1: Django vulnerabilities
Replies
0
Views
169
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8375-1: nginx vulnerabilities
Replies
0
Views
28
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8348-1: GoBGP vulnerabilities
Replies
0
Views
29
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 4,588 (members: 3, guests: 4,585)

Latest posts

Top