A flaw was found in Django, where the memcached backend does not perform key validation and passes malformed keys. This flaw causes a key collision and potential data leakage. The highest threat from this vulnerability is to confidentiality.

References

bugzilla.redhat.com/show_bug.cgi?id=1843614

nvd.nist.gov/vuln/detail/CVE-2020-13254

www.cve.org/CVERecord?id=CVE-2020-13254

www.djangoproject.com/weblog/2020/jun/03/security-releases

nvd 1

osv 9

alpinelinux 1

cve 1

redhat 2

nessus 8

cvelist 1

ubuntucve 1

githubexploit 1

debiancve 1

veracode 1

debian 4

github 1

prion 1

ubuntu 2

openvas 8

archlinux 1

freebsd 1

altlinux 2

fedora 2

oracle 1

nvd

CVE-2020-13254

2020-06-03 14:15:12

osv

Data leakage via cache key collision in Django

2020-06-05 16:20:44

PYSEC-2020-31

2020-06-03 14:15:00

BIT-django-2020-13254

2024-03-06 10:56:35

alpinelinux

CVE-2020-13254

2020-06-03 14:15:12

cve

CVE-2020-13254

2020-06-03 14:15:12

redhat

(RHSA-2021:0915) Moderate: Red Hat OpenStack Platform 16.1.4 (python-django) security update

2021-03-17 13:32:25

(RHSA-2021:0933) Moderate: python-django security update

2021-03-18 11:36:20

nessus

RHEL 7 : python-django (RHSA-2021:0933)

2021-03-18 00:00:00

Debian DLA-2233-2 : python-django regression update

2020-06-05 00:00:00

RHEL 8 : Red Hat OpenStack Platform 16.1.4 (python-django) (RHSA-2021:0915)

2021-03-17 00:00:00

cvelist

CVE-2020-13254

2020-06-03 13:11:57

ubuntucve

CVE-2020-13254

2020-06-03 00:00:00

githubexploit

Exploit for Improper Certificate Validation in Djangoproject Django

2020-06-07 16:42:33

debiancve

CVE-2020-13254

2020-06-03 14:15:12

veracode

Information Disclosure

2020-06-04 04:24:51

debian

[SECURITY] [DLA 2233-2] python-django regression update

2020-06-12 10:37:27

[SECURITY] [DSA 4705-1] python-django security update

2020-06-18 08:51:53

[SECURITY] [DSA 4705-1] python-django security update

2020-06-18 08:51:53

github

Data leakage via cache key collision in Django

2020-06-05 16:20:44

prion

Input validation

2020-06-03 14:15:00

ubuntu

Django vulnerabilities

2020-06-04 00:00:00

Django vulnerabilities

2020-06-03 00:00:00

openvas

Debian: Security Advisory (DSA-4705-1)

2020-06-19 00:00:00

Ubuntu: Security Advisory (USN-4381-2)

2022-08-26 00:00:00

Django 2.2.x < 2.2.13, 3.0.x < 3.0.7 Multiple Vulnerabilities - Windows

2020-06-08 00:00:00

archlinux

[ASA-202006-8] python-django: multiple issues

2020-06-06 00:00:00

freebsd

Django -- multiple vulnerabilities

2020-06-01 00:00:00

altlinux

Security fix for the ALT Linux 10 package python3-module-django version 2.2.17-alt1

2020-12-11 00:00:00

Security fix for the ALT Linux 9 package python3-module-django version 2.2.17-alt1

2020-12-11 00:00:00

fedora

[SECURITY] Fedora 32 Update: python-django-3.0.7-1.fc32

2020-06-19 01:05:39

[SECURITY] Fedora 31 Update: python-django-2.2.13-1.fc31

2020-06-19 01:07:50

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.004

Percentile

73.9%

JSON

Related for RH:CVE-2020-13254