CVE-2016-7401

Priority
Medium
Description
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10,
when used on a site with Google Analytics, allows remote attackers to
bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Assigned-to
mdeslaur
Package
Upstream: released (1.8.15, 1.9.10)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.6.1-2ubuntu0.15)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.2)

Updated: 2017-08-11 23:55:16 UTC (commit 13081)