Type: Bug
Resolution: Gone away
Priority: Minor - P4
Affects Version/s: None
Component/s: django
Python Drivers
The page caching implemented in django-mongodb-backend stores a rendered Django template as a pickle in a cache collection inside MongoDB. A malicious actor with write access to the cache collection can modify that data and achieve RCE in the Django web server, because unpickling attacker-controlled bytes executes arbitrary code.
The Django project has publicly stated that it does not see this as a security issue.
Recommended solution options:
- Customer Supplied Field Level Encryption (CSFLE)
  - Pros: encrypts the cache entry in the Django app before it is sent to the MongoDB instance; a malicious user would need to know the encryption key in order to modify the data.
  - Cons: we would need a client-side schema for the cache collection. Automatic encryption is only supported for paid versions of MongoDB, so explicit encryption would need to be used to support all cases.
- Django's HMAC signing
  - Pros: built into Django and only takes one additional function call to sign and unsign.
  - Cons: it can only safely sign JSON-serializable objects, so we may need to base64-encode the pickled data before signing.
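The HMAC signing option, worked through as an added example (not code from django-mongodb-backend): the pickled entry is base64-encoded and signed before it is written to the cache collection, and on read the signature is verified before anything reaches pickle.loads(), so an entry rewritten in MongoDB is treated as a cache miss. The stdlib hmac module stands in for django.core.signing.Signer so the snippet runs without Django; the secret key and the cache-entry shape are constructed for the demo.

```python
import base64
import hashlib
import hmac
import pickle
from typing import Any

# Constructed demo secret; in Django this would be settings.SECRET_KEY.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
SEP = b":"  # never appears in base64 or hex, so rpartition() is unambiguous


def _mac(payload: bytes) -> bytes:
    # HMAC-SHA256 over the base64 text, hex-encoded (Signer uses a similar layout)
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def sign_cache_entry(value: Any) -> bytes:
    """Pickle the rendered page, base64-encode it, append the signature."""
    payload = base64.b64encode(pickle.dumps(value))
    return payload + SEP + _mac(payload)


def unsign_cache_entry(stored: bytes) -> Any:
    """Verify the MAC first; tampered bytes never reach pickle.loads()."""
    payload, _, mac = stored.rpartition(SEP)
    if not payload or not hmac.compare_digest(mac, _mac(payload)):
        raise ValueError("cache entry failed signature check")
    return pickle.loads(base64.b64decode(payload))


def load_or_none(stored: bytes) -> Any:
    """Cache-miss semantics: a bad signature re-renders instead of crashing."""
    try:
        return unsign_cache_entry(stored)
    except ValueError:
        return None


def demo() -> tuple:
    entry = sign_cache_entry({"html": "<h1>hello</h1>", "status": 200})
    ok = unsign_cache_entry(entry)
    # Simulate a direct write to the cache collection: replace the pickle
    # payload but keep the original signature.
    forged = base64.b64encode(pickle.dumps({"html": "tampered"}))
    tampered = forged + SEP + entry.rpartition(SEP)[2]
    return ok, load_or_none(tampered)
```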
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H