5 matches found
Mandriva Linux Security Advisory : python-django (MDVSA-2008:185)
A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these case...
Debian Security Advisory DSA 1640-1 (python-django)
The remote host is missing an update to python-django announced via advisory DSA 1640-1. OpenVAS Vulnerability Test $Id: deb16401.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1640-1 python-django Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft...
Debian DSA-1640-1 : python-django - several vulnerabilities
Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to preven...
DSA-1640-1 python-django - cross site request forgery
Bulletin has no description...
CVE-2008-3909
Django CSRF issue (CVE-2008-3909) in the admin app affects Django 0.91.x, 0.95.x, and 0.96.x where unauthenticated POST data is stored and later processed after authentication, enabling remote CSRF attacks that can delete or modify data via unspecified requests. Connected sources (GHSA, Debian/Ne...