Djangoproject : Security Vulnerabilities, CVEs, Published In 2016 (CSRF)
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05
1 vulnerabilities found