GHSA-r5cj-wv24-92p5

Source

https://github.com/advisories/GHSA-r5cj-wv24-92p5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r5cj-wv24-92p5/GHSA-r5cj-wv24-92p5.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-r5cj-wv24-92p5

Aliases

Published

2022-05-02T00:05:00Z

Modified

2024-09-16T22:32:44Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Django cross-site request forgery (CSRF) vulnerability

Details

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

Database specific

{
    "nvd_published_at": "2008-09-04T17:41:00Z",
    "github_reviewed_at": "2023-09-22T23:12:22Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-352"
    ],
    "github_reviewed": true
}

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.91.0

Fixed

0.91.3

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.95.0

Fixed

0.95.4

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.96.0

Fixed

0.96.3