CVE-2007-0405
Publication date 23 January 2007
Last updated 24 July 2024
Ubuntu priority
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.