python-django: cross-site request forgery

2016-10-21T00:00:00
ID ASA-201610-13
Type archlinux
Reporter Arch Linux
Modified 2016-10-21T00:00:00

Description

Sergey Bobrov found a vulnerability in which an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies, leading to a bypass of CSRF protection.