CVE-2016-7401

Source
Severity Medium
Remote Yes
Type Cross-site request forgery
Description
Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-35 | python-django, python2-django | 1.9.9-1 | 1.10.1-1 | Medium | Fixed | |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 21 Oct 2016 | ASA-201610-13 | AVG-35 | python-django | Medium | cross-site request forgery |
| 21 Oct 2016 | ASA-201610-12 | AVG-35 | python2-django | Medium | cross-site request forgery |
References
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/