Affected system:
Django Django < 1.8.15
Django Django 1.9.x < 1.9.10
Description:
BUGTRAQ ID: 93182
CVE(CAN) ID: CVE-2016-7401
Django is an open source web application framework written in Python.
In Django before 1.8.15 and 1.9.x before 1.9.10, the cookie parsing code, when used on a site that also uses Google Analytics, allows a remote attacker to set arbitrary cookies and thereby bypass the site's CSRF protection mechanism.
<*source: Sergey Bobrov
*>
Recommendations:
Vendor patch:
Django
------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
<http://www.debian.org/security/2016/dsa-3678>
<http://www.ubuntu.com/usn/USN-3089-1>
<https://www.djangoproject.com/weblog/2016/sep/26/security-releases/>
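
To check pinned dependencies against the affected ranges listed above, the following added example (not part of the original advisory and not Django's code) classifies the Django lines of a pip requirements file. The function names and the sample requirement lines are constructed for illustration.

```python
import re

# Fixed releases for the two affected branches named in this advisory.
FIXED_1_8 = (1, 8, 15)   # everything below 1.8.15 is affected
FIXED_1_9 = (1, 9, 10)   # 1.9.x below 1.9.10 is affected
PIN = re.compile(r"^\s*django\s*==\s*([^\s;#]+)", re.IGNORECASE)


def parse_version(text):
    """Turn '1.9.7', '1.8' or '1.8.15rc1' into (major, minor, patch); suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True if the version falls in a range this advisory lists as affected."""
    version = parse_version(version_text)
    if version[:2] == (1, 9):
        return version < FIXED_1_9
    return version < FIXED_1_8


def audit_requirements(lines):
    """Return (line, status) for each Django line: 'affected', 'not affected' or 'unpinned'."""
    results = []
    for raw in lines:
        line = raw.strip()
        if not re.match(r"django\b(?!-)", line, re.IGNORECASE):
            continue  # other packages (django-filter, ...), comments, blank lines
        pin = PIN.match(line)
        if pin is None:
            # No exact '==' pin, so the installed version cannot be read from the file.
            results.append((line, "unpinned"))
        else:
            status = "affected" if is_affected(pin.group(1)) else "not affected"
            results.append((line, status))
    return results


# Constructed sample input, not taken from any real project.
SAMPLE = ["Django==1.8.14", "django==1.9.10", "Django>=1.8", "django-filter==0.13.0"]

if __name__ == "__main__":
    for line, status in audit_requirements(SAMPLE):
        print("%-20s %s" % (line, status))
```

An "unpinned" result means the file alone does not determine the version; check the installed package in that environment instead.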