Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.