CVE-2008-3909 (retired)

Priority
Description
The administration application in Django 0.91, 0.95, and 0.96 stores
unauthenticated HTTP POST requests and processes them after successful
authentication occurs, which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks and delete or modify data via unspecified
requests.
Package
Upstream:released (0.96.3)
Patches:
Other:http://www.djangoproject.com/weblog/2008/sep/02/security/
More Information

Updated: 2019-09-19 15:13:08 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)