CVE-2016-7401

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7401

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7401.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-7401

Aliases

Related

Published

2016-10-03T18:59:13Z

Modified

2024-07-30T06:24:51.578215Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

References

Affected packages

Debian:11 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2234d1f08d079a3e4be4f1a89847dc294a4a5c1a

Last affected

37935743edbf60201adb1b53b56b8cafa754c69a

Last affected

6e749c21e77dc74af068c8e943a6e6850ae0bb24

Last affected

8a2a3a63b83375d9322c077b6356007e0bef5939

Last affected

9fbdc48c493f43961173bab8f23d633ab41a9608

Last affected

b29316c54bb3465265ff931e807229f13349457d

Last affected

c00335997744196738368f46c30ef2eeaa0ac849

Last affected

dafddb6b8c0eb778072bec1ccd536bafad0eb936

Last affected

e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd

Last affected

e8bb7464c562388da48bca04c5996fe16a0c3619

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.3

1.4

1.7a1

1.7a2

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.13

1.8.14

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.8a1

1.8b1

1.8b2

1.8c1

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9a1

1.9b1

1.9rc1

1.9rc2