CVE-2020-13254 — Improper Certificate Validation in Django
Severity: 5.9 MEDIUM (NVD)
EPSS: 8.7% (top 7.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 3
Latest update: Jun 9
Description
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 32, Ubuntu Linux 14.04, 16.04, 18.04, 19.10, 20.04
Patches
Vulnerability Details (6)
Vendor Advisories (4)
Community (7)
Bugzilla: CVE-2020-13254 python2-django1.11: django: potential data leakage via malformed memcached keys [fedora-all] (2020-06-09)
Bugzilla: CVE-2020-13254 python-django: django: potential data leakage via malformed memcached keys [epel-all] (2020-06-03)
Bugzilla: CVE-2020-13254 python-django: django: potential data leakage via malformed memcached keys [openstack-rdo] (2020-06-03)
Bugzilla: CVE-2020-13254 python-django16: django: potential data leakage via malformed memcached keys [epel-7] (2020-06-03)