Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4421)
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920)