{"id":"CVE-2007-0405","details":"The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.","aliases":["GHSA-mwv2-398h-v489"],"modified":"2026-04-10T03:37:59.570050Z","published":"2007-01-23T00:28:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/23826"},{"type":"FIX","url":"http://secunia.com/advisories/23826"},{"type":"WEB","url":"http://code.djangoproject.com/changeset/3754"},{"type":"WEB","url":"http://www.securityfocus.com/bid/22138"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31628"}],"schema_version":"1.7.5"}