CVE-2016-7401

| Field | Value |
|---|---|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site request forgery |
| Description | Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. |

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-35 | python-django, python2-django | 1.9.9-1 | 1.10.1-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 21 Oct 2016 | ASA-201610-13 | AVG-35 | python-django | Medium | cross-site request forgery |
| 21 Oct 2016 | ASA-201610-12 | AVG-35 | python2-django | Medium | cross-site request forgery |

| References |
|---|
| https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ |