Description
The administration application in Django 0.91, 0.95, and 0.96 stores
unauthenticated HTTP POST requests and processes them after successful
authentication occurs, which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks and delete or modify data via unspecified
requests.
Package
| Upstream: | released
(0.96.3)
|
Patches:
Updated: 2019-09-19 15:13:08 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)