
python-django: cross-site request forgery

Package(s): python-django
CVE #(s): CVE-2016-7401
Created: September 27, 2016
Updated: October 24, 2016
Description: From the Debian advisory:

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django.

Alerts:
Arch Linux ASA-201610-12 python2-django 2016-10-21
Arch Linux ASA-201610-13 python-django 2016-10-21
Fedora FEDORA-2016-3795497354 python-django 2016-10-11
Fedora FEDORA-2016-5706eeb875 python-django 2016-10-10
Red Hat RHSA-2016:2038-01 python-django 2016-10-10
Red Hat RHSA-2016:2039-01 python-django 2016-10-10
Red Hat RHSA-2016:2040-01 python-django 2016-10-10
Red Hat RHSA-2016:2041-01 python-django 2016-10-10
Debian-LTS DLA-DLA-649-1 python-django 2016-10-06
Mageia MGASA-2016-0334 python-django 2016-10-04
Ubuntu USN-3089-1 python-django 2016-09-27
Debian DSA-3678-1 python-django 2016-09-26
