Sarah Boyce

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 **Description** When `SESSION SAVE EVERY REQUEST` is set to `True`, response headers do not vary based on cookies if a session remains unmodified. This allows a remote attacker to steal a user's session after the victim visits a cached public page. This is a session fixation issue where a session identifier can be compromised via public cached content. **Recommendations** Update Django versions 6.0 through 6.0.4 to version 6.0.5. Update Django versions 5.2 through 5.2.13 to version 5.2.14.

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 **Description** ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE UPLOAD MAX MEMORY SIZE` limit. This allows large files to be loaded into memory, which can lead to service degradation and a potential denial-of-service. ASGI (Asynchronous Server Gateway Interface) is a standard for asynchronous Python web servers to communicate with web applications. **Recommendations** Update versions 6.0 through 6.0.4 to version 6.0.5. Update versions 5.2 through 5.2.13 to version 5.2.14. Configure a limit at the web server level to avoid relying solely on `FILE UPLOAD MAX MEMORY SIZE`.

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 **Description** An issue in `django.middleware.cache.UpdateCacheMiddleware` causes requests where the `Vary` header contains an asterisk (`'*'`) to be erroneously cached. This behavior can lead to the storage and subsequent delivery of private data to unauthorized users. **Recommendations** Update to version 6.0.5 for versions 6.0 through 6.0.4. Update to version 5.2.14 for versions 5.2 through 5.2.13.