CVE-2016-7401 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Cross-site request forgery |
Description | Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-35 | python-django, python2-django | 1.9.9-1 | 1.10.1-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
21 Oct 2016 | ASA-201610-13 | AVG-35 | python-django | Medium | cross-site request forgery |
21 Oct 2016 | ASA-201610-12 | AVG-35 | python2-django | Medium | cross-site request forgery |
References |
---|
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ |