TROYANOSYVIRUS
Back to CVEs

CVE-2020-13254

MEDIUM
5.9

Description

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVE Details

CVSS v3.1 Score5.9
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published6/3/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxdebian:debian_linuxdjangoproject:djangofedoraproject:fedoranetapp:sra_pluginnetapp:steelstore_cloud_integrated_storageoracle:zfs_storage_appliance_kit

Weaknesses (CWE)

CWE-295

References

https://docs.djangoproject.com/en/3.0/releases/security/(cve@mitre.org)
https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20200611-0002/(cve@mitre.org)
https://usn.ubuntu.com/4381-1/(cve@mitre.org)
https://usn.ubuntu.com/4381-2/(cve@mitre.org)
https://www.debian.org/security/2020/dsa-4705(cve@mitre.org)
https://www.djangoproject.com/weblog/2020/jun/03/security-releases/(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2021.html(cve@mitre.org)
https://docs.djangoproject.com/en/3.0/releases/security/(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200611-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4381-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4381-2/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4705(af854a3a-2127-422b-91ae-364da2661108)
https://www.djangoproject.com/weblog/2020/jun/03/security-releases/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.