Data leakage via cache key collision in Django
High severity
GitHub Reviewed
Published
Jun 5, 2020
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
>= 2.2, < 2.2.13
>= 3.0, < 3.0.7
Patched versions
2.2.13
3.0.7
Description
Published by the National Vulnerability Database
Jun 3, 2020
Reviewed
Jun 4, 2020
Published to the GitHub Advisory Database
Jun 5, 2020
Last updated
Nov 18, 2024
An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
References