Django 2.2 before 2.2.13 Improper Certificate Validation Vulnerability

Summary

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.

Credit:

The information has been provided by Vendor

The original article can be found at:https://docs.djangoproject.com/en/3.0/releases/security/


Details

In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

 

Vulnerable Systems:

Django 2.2 before 2.2.13

Django 3.0 before 3.0.7

 

CVE Information:

CVE-2020-13254

Disclosure Timeline:
Published Date:6/3/2020

Categories: FeaturedNews