Safety vulnerability ID: 35299
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django 0.91.3, 0.95.4 and 0.96.3 include a fix for CVE-2008-3909: The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
https://www.djangoproject.com/weblog/2008/sep/02/security
Latest version: 5.1.3
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
MLIST:[oss-security] 20080903 django CSRF vuln: http://www.openwall.com/lists/oss-security/2008/09/03/4
CONFIRM: http://www.djangoproject.com/weblog/2008/sep/02/security/
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=460966
DEBIAN:DSA-1640: http://www.debian.org/security/2008/dsa-1640
FEDORA:FEDORA-2008-7288: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html
FEDORA:FEDORA-2008-7672: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html
OSVDB:47906: http://osvdb.org/47906
SECUNIA:31961: http://secunia.com/advisories/31961
VUPEN:ADV-2008-2533: http://www.vupen.com/english/advisories/2008/2533
SECUNIA:31837: http://secunia.com/advisories/31837