Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Remediation
References