PT-2026-39155 · Bitnami · Django
Published
2026-05-08
·
Updated
2026-05-08
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Ahmad Sadeddin for reporting this issue. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Django