Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Remediation
References