Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-7401

Опубликовано: 03 окт. 2016
Источник: debian

Описание

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed1:1.10-1package

Примечания

  • https://www.djangoproject.com/weblog/2016/sep/26/security-releases/

Связанные уязвимости

ubuntu логотип

CVE-2016-7401

CVSS3: 7.5
ubuntu
около 9 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

redhat логотип

CVE-2016-7401

CVSS3: 6.1
redhat
около 9 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

nvd логотип

CVE-2016-7401

CVSS3: 7.5
nvd
около 9 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

github логотип

GHSA-crhm-qpjc-cm64

CVSS3: 7.5
github
больше 3 лет назад

Django CSRF Protection Bypass

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
больше 7 лет назад

Security update for python-Django