The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Django (PyPI) | 0 | 1.4.21 | N/A |
| Django (PyPI) | 1.5 | 1.7.9 | N/A |
| Django (PyPI) | 1.8 | 1.8.3 | N/A |
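
A version check built from the affected ranges in the table above, as an added example (not code from the advisory or from Django). The inventory names and versions are constructed, and pre-release suffixes such as `rc1` are ignored when comparing.

```python
import re

# Affected ranges copied from the table above as (introduced, fixed).
# "0" means every release before the fixed version is affected.
AFFECTED_RANGES = [
    ("0", "1.4.21"),
    ("1.5", "1.7.9"),
    ("1.8", "1.8.3"),
]

def parse_version(text, width=3):
    """Turn '1.7.9' or '1.8' into a zero-padded tuple such as (1, 8, 0)."""
    # Assumption: only the leading numeric release is compared; a suffix
    # like 'rc1' or 'b2' is dropped rather than ordered.
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (width - len(parts))
    return tuple(parts)

def affected_range(version):
    """Return the (introduced, fixed) row that contains version, else None."""
    v = parse_version(version)
    for introduced, fixed in AFFECTED_RANGES:
        # A range is half-open: introduced <= version < fixed.
        if parse_version(introduced) <= v < parse_version(fixed):
            return (introduced, fixed)
    return None

def audit(installed):
    """Map each deployment name to its installed and first fixed version."""
    findings = {}
    for name, version in installed.items():
        hit = affected_range(version)
        if hit:
            findings[name] = {"installed": version, "fixed_in": hit[1]}
    return findings

# Constructed inventory for illustration, not data from the advisory.
SAMPLE_INVENTORY = {
    "intranet": "1.4.20", "shop": "1.6.11", "api": "1.7.9",
    "blog": "1.8", "new-site": "1.8.3",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INVENTORY).items():
        print(name, finding)
```
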
CVSS Metrics