CVE-2007-0405
published 2007-01-23

Priority: P426 medium
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
EPSS: 1.19% (64.1th percentile)

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | python-django | < python-django 0.95.1-1 (bookworm) | python-django 0.95.1-1 (bookworm) |
| django_project | django | | |
| djangoproject | django | >= 0.95 < 1.0 | 1.0 |

CVSS provenance

nvd: v2.0, 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
osv: 6.5 MEDIUM
vendor_debian: 6.5 MEDIUM