PyPi: Django

CVE-2008-3909

Safety vulnerability ID: 35299

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 04, 2008. Updated at Nov 05, 2024.

Advisory

Django 0.91.3, 0.95.4 and 0.96.3 include a fix for CVE-2008-3909: The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
https://www.djangoproject.com/weblog/2008/sep/02/security

Affected package

django

Latest version: 5.1.3

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Affected versions

Fixed versions

Vulnerability changelog

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.


MLIST:[oss-security] 20080903 django CSRF vuln: http://www.openwall.com/lists/oss-security/2008/09/03/4
CONFIRM: http://www.djangoproject.com/weblog/2008/sep/02/security/
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=460966
DEBIAN:DSA-1640: http://www.debian.org/security/2008/dsa-1640
FEDORA:FEDORA-2008-7288: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html
FEDORA:FEDORA-2008-7672: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html
OSVDB:47906: http://osvdb.org/47906
SECUNIA:31961: http://secunia.com/advisories/31961
VUPEN:ADV-2008-2533: http://www.vupen.com/english/advisories/2008/2533
SECUNIA:31837: http://secunia.com/advisories/31837

Resources


Severity Details

CVSS Base Score: MEDIUM 5.8

CVSS v2 Details

Base Score: MEDIUM 5.8
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL