7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35681

GHSA ID

GHSA-v542-8q9x-cffc

EPSS Score

0.73076%

CWE

CWE-200

Published

3/19/2021

Updated

9/13/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-35681

CVE-2020-35681: Django Channels leakage of session identifiers using legacy AsgiHandler

Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django's similar ASGIHandler, available from Django 3.0.

(GitHub Advisory)

7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35681

GHSA ID

GHSA-v542-8q9x-cffc

EPSS Score

0.73076%

CWE

CWE-200

Published

3/19/2021

Updated

9/13/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
channels	pip	>= 3.0.0, < 3.0.3	3.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from state mutation in AsgiHandler's call method (setting self.scope/self.send) and subsequent reliance on this shared state in the handle method. The patch removed instance variable mutations and passed request-specific parameters directly to handle. The concurrent request test added in test_http.py demonstrates how shared state could lead to cross-request leakage. StaticFilesHandler modifications were secondary to the core scope isolation issue in AsgiHandler.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*j*n*o ***nn*ls *.x ***or* *.*.* *llows r*mot* *tt**k*rs to o*t*in s*nsitiv* in*orm*tion *rom * *i***r*nt r*qu*st s*op*. T** l****y ***nn*ls.*ttp.*s*i**n*l*r *l*ss, us** *or **n*lin* *TTP typ* r*qu*sts in *n *S*I *nvironm*nt prior to *j*n*o *.*, *i*

Reasoning

T** vuln*r**ility st*mm** *rom st*t* mut*tion in *s*i**n*l*r's __**ll__ m*t*o* (s*ttin* s*l*.s*op*/s*l*.s*n*) *n* su*s*qu*nt r*li*n** on t*is s**r** st*t* in t** **n*l* m*t*o*. T** p*t** r*mov** inst*n** v*ri**l* mut*tions *n* p*ss** r*qu*st-sp**i*i*

7.4

Basic Information

Concerned about an active attack path?

CVE-2020-35681: Django Channels leakage of session identifiers using legacy AsgiHandler

7.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI