Moderate severity · NVD Advisory · Published Jan 23, 2007 · Updated Jun 16, 2026
CVE-2007-0405
Description
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 0.95, < 1.0 | 1.0 |
Affected products (2)
- cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
References (8)
- secunia.com/advisories/23826 (nvd; Patch, Vendor Advisory)
- github.com/advisories/GHSA-mwv2-398h-v489 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2007-0405 (ghsa; ADVISORY)
- code.djangoproject.com/changeset/3754 (nvd; WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/31628 (nvd; WEB)
- github.com/django/django/commit/3c5782287e (ghsa; WEB)
- github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67 (ghsa; WEB)
- www.securityfocus.com/bid/22138 (nvd)