CVE-2016-7401

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7401
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7401.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7401
Aliases
Downstream
Related
Published
2016-10-03T18:59:13.137Z
Modified
2025-11-14T04:49:40.117868Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2234d1f08d079a3e4be4f1a89847dc294a4a5c1a
Last affected
37935743edbf60201adb1b53b56b8cafa754c69a
Last affected
6e749c21e77dc74af068c8e943a6e6850ae0bb24
Last affected
8a2a3a63b83375d9322c077b6356007e0bef5939
Last affected
9fbdc48c493f43961173bab8f23d633ab41a9608
Last affected
b29316c54bb3465265ff931e807229f13349457d
Last affected
c00335997744196738368f46c30ef2eeaa0ac849
Last affected
dafddb6b8c0eb778072bec1ccd536bafad0eb936
Last affected
e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd
Last affected
e8bb7464c562388da48bca04c5996fe16a0c3619

Affected versions

1.*

1.0
1.1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2
1.8
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8a1
1.8b1
1.8b2
1.8c1
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9a1
1.9b1
1.9rc1
1.9rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7401.json"