Search for packages
| purl | pkg:rpm/redhat/python-django@1.6.11-3?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d7fu-jyta-2ygm
Aliases: CVE-2015-5963 GHSA-pgxh-wfw4-jx2v PYSEC-2015-22 |
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | There are no reported fixed by versions. |
|
VCID-msmd-931q-abhe
Aliases: CVE-2015-5964 GHSA-x38m-486c-2wr9 PYSEC-2015-23 |
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:40:07.340588+00:00 | RedHat Importer | Affected by | VCID-msmd-931q-abhe | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5964.json | 38.0.0 |
| 2026-04-01T14:40:07.277719+00:00 | RedHat Importer | Affected by | VCID-d7fu-jyta-2ygm | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5963.json | 38.0.0 |