Fedora Account System
Red Hat Associate
Red Hat Customer
A flaw was found in Django. UpdateCacheMiddleware and the cache_page decorator fail to skip caching for responses that set a cookie when the incoming request already carries an unrelated cookie. This allows responses containing session or other sensitive Set-Cookie headers to be stored in Django's shared cache, leading to information disclosure.