CVE-2007-0405

Publication date 23 January 2007

Last updated 17 July 2025

Ubuntu priority

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-0405