Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-khxh-hjmn-fbdq

Summary The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.

Aliases

alias	CVE-2015-3982

alias	GHSA-6wgp-fwfm-mxp3

alias	PYSEC-2015-19

Fixed_packages

url	pkg:deb/debian/python-django@0?distro=trixie
purl	pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url pkg:pypi/django@1.8.2

purl pkg:pypi/django@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-a715-2qks-wyhn

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-d7fu-jyta-2ygm

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-jae8-w85w-cyfu

vulnerability	VCID-k25u-g17y-hyfh

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.2

Affected_packages

url pkg:pypi/django@1.8a1

purl pkg:pypi/django@1.8a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dhb-9yue-33h7

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-gvvs-megy-9fc3

vulnerability	VCID-jumh-hkhx-7qc9

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8a1

url pkg:pypi/django@1.8b1

purl pkg:pypi/django@1.8b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dhb-9yue-33h7

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-gvvs-megy-9fc3

vulnerability	VCID-jumh-hkhx-7qc9

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b1

url pkg:pypi/django@1.8b2

purl pkg:pypi/django@1.8b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-gvvs-megy-9fc3

vulnerability	VCID-jumh-hkhx-7qc9

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2

url pkg:pypi/django@1.8c1

purl pkg:pypi/django@1.8c1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8c1

url pkg:pypi/django@1.8

purl pkg:pypi/django@1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-a715-2qks-wyhn

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-d7fu-jyta-2ygm

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-jae8-w85w-cyfu

vulnerability	VCID-k25u-g17y-hyfh

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8

url pkg:pypi/django@1.8.1

purl pkg:pypi/django@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-325d-7dfk-sqd2

vulnerability	VCID-6gss-ppm5-3yc9

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8jaq-53td-wbeg

vulnerability	VCID-8teq-9xr9-q3fg

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-a715-2qks-wyhn

vulnerability	VCID-bdms-nb18-guf9

vulnerability	VCID-br5x-v7md-47hp

vulnerability	VCID-d7fu-jyta-2ygm

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-jae8-w85w-cyfu

vulnerability	VCID-k25u-g17y-hyfh

vulnerability	VCID-k6s1-gnmc-e3ed

vulnerability	VCID-khxh-hjmn-fbdq

vulnerability	VCID-mv1p-yxvp-pbh6

vulnerability	VCID-p543-5y7x-63hd

vulnerability	VCID-qm34-ec8s-tfd7

vulnerability	VCID-sbr6-pybe-dubq

vulnerability	VCID-t8d7-68j2-suet

vulnerability	VCID-uk1w-hehw-dyda

vulnerability	VCID-ukxp-wqpr-t3by

vulnerability	VCID-w2dv-u8h6-sbgs

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-x4ev-6zjm-sbe4

vulnerability	VCID-x516-xwze-6ba3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.1

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3982.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3982.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3982

reference_id

reference_type

scores

value	0.00225
scoring_system	epss
scoring_elements	0.4522
published_at	2026-04-02T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45184
published_at	2026-04-07T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45242
published_at	2026-04-04T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45139
published_at	2026-04-01T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45276
published_at	2026-04-18T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45281
published_at	2026-04-16T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4523
published_at	2026-04-13T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45229
published_at	2026-04-12T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45261
published_at	2026-04-11T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45239
published_at	2026-04-09T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.4524
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3982

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/31cb25adecba930bdeee4556709f5a1c42d88fd6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/31cb25adecba930bdeee4556709f5a1c42d88fd6

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-19.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-19.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3982

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3982

reference_url

https://web.archive.org/web/20200228092138/http://www.securityfocus.com/bid/74960

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228092138/http://www.securityfocus.com/bid/74960

reference_url

https://www.djangoproject.com/weblog/2015/may/20/security-release

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2015/may/20/security-release

reference_url	https://www.djangoproject.com/weblog/2015/may/20/security-release/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/may/20/security-release/

reference_url	http://www.securityfocus.com/bid/74960
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/74960

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1221526
reference_id	1221526
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1221526

reference_url

https://github.com/advisories/GHSA-6wgp-fwfm-mxp3

reference_id

GHSA-6wgp-fwfm-mxp3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6wgp-fwfm-mxp3

Weaknesses

cwe_id	384
name	Session Fixation
description	Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khxh-hjmn-fbdq

Vulnerability Instance