CVE-2020-13254 - log back

CVE-2020-13254 edited at 05 Jun 2020 13:24:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure issue has been found in Django before 3.0.7, via malformed memcached keys. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.
References
+ https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693
Notes
CVE-2020-13254 created at 05 Jun 2020 13:22:41