Vulnerability CVE-2016-7401: Information
Description
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python-module-django | p9 | 1.8.15-alt1 | 1.11.29-alt2 | ALT-PU-2016-2173-1 | 171331 | Fixed |
python-module-django | p8 | 1.8.18-alt0.M80P.1 | 1.8.18-alt0.M80P.1 | ALT-PU-2017-1760-1 | 184483 | Fixed |
python-module-django | c9f2 | 1.8.15-alt1 | 1.11.23-alt1 | ALT-PU-2016-2173-1 | 171331 | Fixed |
python-module-django | c7 | 1.8.18-alt0.M70C.1 | 1.8.18-alt0.M70C.1 | ALT-PU-2017-1754-1 | 184484 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
1036899 | |
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ | |
DSA-3678 | |
93182 | |
USN-3089-1 | |
RHSA-2016:2043 | |
RHSA-2016:2042 | |
RHSA-2016:2041 | |
RHSA-2016:2040 | |
RHSA-2016:2039 | |
RHSA-2016:2038 | |