CVE-2020-35681 – Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information f …

22 February 2021

Vuln ID: CVE-2020-35681

Published: 2021-02-22 03:15:14Z

Description: Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django’s similar ASGIHandler, available from Django 3.0.

Source: NVD.NIST.GOV

Date:

22 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering26 April 2024
NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication26 April 2024
Enhancing Cybersecurity Defenses: The role of Voice Cloning in Penetration Testing26 April 2024
Ensuring the Security and Efficiency of Web Applications and Systems26 April 2024
Integrated Residential Security Solutions to Employ in 202426 April 2024