EPSS Percentile: 76.8%
Django incorrectly caches certain pages that contain CSRF cookies. An attacker can possibly use this flaw to obtain a valid cookie and perform attacks that bypass the CSRF restrictions.
www.djangoproject.com/weblog/2014/apr/21/security/