Michael Nelson

**Name of the Vulnerable Software and Affected Versions** Django versions 1.4 through 1.4.12 Django versions 1.5 through 1.5.7 Django versions 1.6 through 1.6.4 Django versions 1.7 before 1.7b4 **Description** The issue allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers, due to the improper inclusion of the `Vary: Cookie` or `Cache-Control` header in responses. **Recommendations** For Django versions 1.4 through 1.4.12, update to version 1.4.13 or later. For Django versions 1.5 through 1.5.7, update to version 1.5.8 or later. For Django versions 1.6 through 1.6.4, update to version 1.6.5 or later. For Django versions 1.7 before 1.7b4, update to version 1.7b4 or later.