Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-abpe-htm1-9ubp
Summary
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user's session after that user visits a cached public page.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Cantina for reporting this issue.
Aliases
0
alias CVE-2026-35192
1
alias PYSEC-2026-50
Fixed_packages
0
url pkg:pypi/django@5.2.14
purl pkg:pypi/django@5.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.14
1
url pkg:pypi/django@6.0.5
purl pkg:pypi/django@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.5
Affected_packages
0
url pkg:pypi/django@5.2
purl pkg:pypi/django@5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-7upw-5p86-8bfr
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-abpe-htm1-9ubp
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-eqsc-axng-ckca
8
vulnerability VCID-fcg9-xypn-ykhf
9
vulnerability VCID-ga69-9y5g-77c3
10
vulnerability VCID-ga7z-wj4j-63h1
11
vulnerability VCID-jybd-p65h-xffy
12
vulnerability VCID-kxdd-yzp3-r7cb
13
vulnerability VCID-m4am-h2ea-3ffr
14
vulnerability VCID-n2v7-jqjy-37bc
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-r1vx-vv7d-gqaj
17
vulnerability VCID-shch-yusm-1uck
18
vulnerability VCID-shjc-2j68-2yfy
19
vulnerability VCID-tktt-vg92-6kae
20
vulnerability VCID-tuqc-c251-h7ds
21
vulnerability VCID-w777-44ns-cybg
22
vulnerability VCID-wa3g-27sx-mbcw
23
vulnerability VCID-whgc-pt2s-77ar
24
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2
1
url pkg:pypi/django@5.2.1
purl pkg:pypi/django@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
3
url pkg:pypi/django@5.2.3
purl pkg:pypi/django@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.3
4
url pkg:pypi/django@5.2.4
purl pkg:pypi/django@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.4
5
url pkg:pypi/django@5.2.5
purl pkg:pypi/django@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.5
6
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
7
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-m4am-h2ea-3ffr
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
8
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
9
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
10
url pkg:pypi/django@5.2.10
purl pkg:pypi/django@5.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.10
11
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
12
url pkg:pypi/django@5.2.12
purl pkg:pypi/django@5.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.12
13
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
14
url pkg:pypi/django@6.0
purl pkg:pypi/django@6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7upw-5p86-8bfr
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-ga7z-wj4j-63h1
5
vulnerability VCID-jybd-p65h-xffy
6
vulnerability VCID-kxdd-yzp3-r7cb
7
vulnerability VCID-m4am-h2ea-3ffr
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-w777-44ns-cybg
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0
15
url pkg:pypi/django@6.0.1
purl pkg:pypi/django@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.1
16
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
17
url pkg:pypi/django@6.0.3
purl pkg:pypi/django@6.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.3
18
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
References
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/may/05/security-releases/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://www.djangoproject.com/weblog/2026/may/05/security-releases/
Weaknesses
Exploits
Severity_range_score6.5 - 6.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-abpe-htm1-9ubp