CVE-2015-5963 Medium Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

CVE-2015-5963 - Medium Severity Vulnerability

Vulnerable Library - Django-1.7.1-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

path: /example-python/requirements.txt

Library home page: https://pypi.python.org/packages/d2/29/1935a5825b8820d1e398ab83f0730d483ec731fae34745ddac8318cf6ac8/Django-1.7.1-py2.py3-none-any.whl

Dependency Hierarchy:

• ❌ Django-1.7.1-py2.py3-none-any.whl (Vulnerable Library)

Vulnerability Details

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

Publish Date: 2015-08-24

URL: CVE-2015-5963

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-5963

Release Date: 2015-08-24

Fix Resolution: 1.8.4,1.7.10,1.4.22

---

Step up your Open Source Security Game with WhiteSource here