Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Remediation
References