django
Page content
- Author: Miklos Vajna
- Vulnerable: 0.96.2-1
- Unaffected: 1.0-1solaria1
A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the Django administration application not performing any validity checks to verify requests when re-authenticating the user. This can be exploited to delete and edit data when a not logged-in user e.g. visits a malicious web site and is then enticed to log in to the application.
- Bug Tracker URL: http://bugs.frugalware.org/task/3372