Moderate severity vulnerability that affects django

2018-07-23T19:51:19
ID GHSA-H95J-H2RV-QRG4
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:01

Description

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.