Django Improper Input Validation Vulnerability - CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1 when session data is stored in the cache uses the root namespace for both session identifiers and application-data keys which allows remote attackers to modify a session by triggering use of a key that is equal to that session39s identifier.