Search for packages
| purl | pkg:pypi/django@0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-mm3u-a8ar-b3hp
Aliases: CVE-2011-4136 GHSA-x88j-93vc-wpmp PYSEC-2011-1 |
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier. |
Affected by 35 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-xtqq-9751-r3dq
Aliases: CVE-2011-4137 GHSA-3jqw-crqj-w8qw PYSEC-2011-2 |
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521. |
Affected by 35 other vulnerabilities. Affected by 40 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:31.595099+00:00 | GHSA Importer | Affected by | VCID-mm3u-a8ar-b3hp | https://github.com/advisories/GHSA-x88j-93vc-wpmp | 38.0.0 |
| 2026-04-01T15:56:30.758617+00:00 | GHSA Importer | Affected by | VCID-xtqq-9751-r3dq | https://github.com/advisories/GHSA-3jqw-crqj-w8qw | 38.0.0 |