Description
The administration application in Django 0.91, 0.95, and 0.96 stores
unauthenticated HTTP POST requests and processes them after successful
authentication occurs, which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks and delete or modify data via unspecified
requests.
Package
Upstream: released (0.96.3)
Patches:
Updated: 2019-01-14 21:46:10 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)