Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Remediation
References