The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-03T18:00:00
Updated: 2024-08-06T01:57:47.529Z
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7401
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-10-03T18:59:13.137
Modified: 2024-11-21T02:57:55.553
Link: CVE-2016-7401
Redhat